69 matches found
async-http-client: Cookie header not stripped on cross-origin redirect
Summary async-http-client leaks Cookie headers to cross-origin redirect targets. When following a redirect across a security boundary different origin, or HTTPS→HTTP downgrade, the propagatedHeaders method in Redirect30xInterceptor.java strips Authorization and Proxy-Authorization headers but doe...
PT-2026-41727
🟠 async-http-client, Information Disclosure, CVE-2026-45300 Medium https://t.co/5cTcoDxxEt...
CVE-2026-45300
creationtimestamp| type| source ---|---|--- 2026-05-12 21:02:02+00:00| published-proof-of-concept| https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-fmxf-pm6p-7xgm...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of AsyncHttpClient
Summary Due to use of AsyncHttpClient, DevOps Test Performance and Rational Performance Tester contain a potential vulnerability where Authorization/Proxy-Authorization headers are improperly leaked. Vulnerability Details CVEID:CVE-2026-40490 DESCRIPTION: The AsyncHttpClient AHC library allows Ja...
UBUNTU-CVE-2026-40490
The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled followRedirecttrue, versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-Authorization headers...
Async Http Client 安全漏洞
Async Http Client is an open-source Java-based asynchronous HTTP and WebSocket client library developed by AsyncHttpClient. Versions prior to 3.0.9 and 2.14.5 of Async Http Client had security vulnerabilities. These vulnerabilities stemmed from the redirection process, where authorization headers...
com.akamai.edgegrid:edgegrid-signer-async-http-client (>=6.0.1 <=6.0.3-rc.1), com.arpnetworking.metrics:mad-experimental (>=1.2.4 <=1.2.11) +48 more potentially affected by CVE-2026-40490 via org.asynchttpclient:async-http-client (>=3.0.0.Beta1 <=3.0.7)
org.asynchttpclient:async-http-client MAVEN version =3.0.0.Beta1, =6.0.1, =1.2.4, =1.22.5, =1.13.8, =1.1.0, =0.4.8, =0.4.8, =0.4.8, =1.17.0, =1.17.0, =1.17.0, =0.5.0, =218.0.0, =14.5.0, =16.0.0 and more Source cves: CVE-2026-40490 Source advisory: OSV:GHSA-CMXV-58FP-FM3G...
ai.evolv:ascend-sdk (=0.5.0), app.peac:core (=0.0.1) +2550 more potentially affected by CVE-2026-40490 via org.asynchttpclient:async-http-client (>=2.0.0 <=2.12.4)
org.asynchttpclient:async-http-client MAVEN version =2.0.0, =0.7.0, =0.7.0, =0.1.0, =0.2.0, =0.7.0, =0.7.0, =0.1.0, =0.2.0, =0.1.0, =0.2.0, =2.2, =2.0, =2.0-RC2 and more Source cves: CVE-2026-40490 Source advisory: OSV:GHSA-CMXV-58FP-FM3G...
EUVD-2018-0557
Malware in sbrugna...
EUVD-2022-3182
Malicious code in bioql PyPI...
EUVD-2023-1887
Malicious code in bioql PyPI...
CVE-2023-0040
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...
Security Bulletin: Vulnerabiity in Async Http Client affects watsonx.data
Summary Async Http Client aka async-http-client could allow a remote attacker to bypass security restrictions. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2017-14063 DESCRIPTION: Async Http Client aka async-http-client could allow a remote attacker to bypass security...
io.github.shoothzj:http-client-facade (=0.0.1), io.github.taikonaut3:virtue-demo (>=0.0.1-alpha <=1.0.0-alpha) +7 more potentially affected by CVE-2024-53990 via org.asynchttpclient:async-http-client (>=3.0.0.Beta1 <=3.0.0.Beta3)
org.asynchttpclient:async-http-client MAVEN version =3.0.0.Beta1, =0.0.1-alpha, =0.3.1, =0.0.1, =3.0.0-M2, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-RC2 Source cves: CVE-2024-53990 Source advisory: OSV:GHSA-MFJ5-CF8G-G2FV...
UBUNTU-CVE-2024-53990
The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore aka cookie jar will silently replace explicitly defined Cookies with any that ha...
Async Http Client 授权问题漏洞
Async Http Client is AsyncHttpClient open source asynchronous Http and WebSocket client library for Java. An authorization issue vulnerability exists in Async Http Client version 3.0.0, which stems from an automatically enabled and self-managed CookieStore handling mechanism that can lead to...
Security Bulletin: Vulnerability in Async Http Client affects IBM watsonx.data
Summary Async Http Client aka async-http-client could allow a remote attacker to bypass security restrictions, caused by the failure to parse the fragment identifier of the URL when handling '?' character. By using a specially-crafted URL with '?' character, an attacker could exploit this...
Security Bulletin: Vulnerability in Async Http Client affects IBM watsonx.data
Summary Async Http Client aka async-http-client could allow a remote attacker to bypass security restrictions, caused by the failure to parse the fragment identifier of the URL when handling '?' character. By using a specially-crafted URL with '?' character, an attacker could exploit this...
GHSA-V3R5-PJPM-MWGQ Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...