CVE-2024-53990
- EPSS 0.22%
- Veröffentlicht 02.12.2024 18:15:11
- Zuletzt bearbeitet 02.12.2024 18:15:11
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently ...
CVE-2023-0040
- EPSS 0.11%
- Veröffentlicht 18.01.2023 19:15:11
- Zuletzt bearbeitet 03.04.2025 20:15:19
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network...
CVE-2017-14063
- EPSS 1.64%
- Veröffentlicht 31.08.2017 16:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE...