Lightbend · Lightbend Play Framework · CVE-2019-17598
**Name of the Vulnerable Software and Affected Versions**
Lightbend Play Framework versions 2.5.x through 2.6.23
**Description**
An issue was discovered in the Lightbend Play Framework. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes expose the proxy credentials to the target host, typically under high load when connecting to a target host using https.
**Recommendations**
For versions 2.5.x through 2.6.23, consider reconfiguring the proxy settings to avoid using authenticated HTTP proxies until a fix is available. As a temporary workaround, restrict access to sensitive resources that may be exposed due to this issue.