An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host.
CPE | Name | Operator | Version |
---|---|---|---|
play_framework | ge | 2.5.0 | |
play_framework | le | 2.5.19 | |
play_framework | ge | 2.6.0 | |
play_framework | le | 2.6.23 |