CVE-2026-45300
- EPSS 0.32%
- Veröffentlicht 05.06.2026 19:32:43
- Zuletzt bearbeitet 08.06.2026 18:37:41
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch prior to 3.0.10 leak `Cookie` headers to cross-origin ...
CVE-2024-53990
- EPSS 0.58%
- Veröffentlicht 02.12.2024 18:15:11
- Zuletzt bearbeitet 15.04.2026 00:35:42
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently ...
CVE-2023-0040
- EPSS 0.55%
- Veröffentlicht 18.01.2023 19:15:11
- Zuletzt bearbeitet 03.04.2025 20:15:19
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network...
CVE-2017-14063
- EPSS 3.05%
- Veröffentlicht 31.08.2017 16:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE...