CVE-2019-17598 – com.typesafe.play:play-ws_2.12

Package

Manager: maven
Name: com.typesafe.play:play-ws_2.12
Vulnerable Version: >=2.5.0 <2.6.24

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0015 pctl0.36239

Details

Play Framework Inadequate Encryption Strength vulnerability An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host.

Metadata

Created: 2022-05-24T22:01:04Z
Modified: 2022-11-22T19:04:39Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-442g-gcg6-mhm4/GHSA-442g-gcg6-mhm4.json
CWE IDs: ["CWE-326"]
Alternative ID: GHSA-442g-gcg6-mhm4
Finding: F052
Auto approve: 1