A denial of service (DoS) vulnerability has been found in the WS HTTP Client in Play when using the OAuth 1.0 functionality over TLS.
The vulnerability has been fixed in Play 2.5.11, and work arounds have been published for other Play versions.
For details on this vulnerability, including the workarounds, please see the vulnerability advisory on the Play website:
Thanks,
Will Sargent
Play Team, Lightbend