Lucene search
K

79 matches found

RedhatCVE
RedhatCVE
added 2026/07/08 8:21 a.m.4 views

CVE-2026-55688

A flaw was found in the AsyncHttpClient AHC library. The ThreadSafeCookieStore component did not properly verify the domain attribute of cookies, allowing a malicious host to set a cookie for an unrelated domain. This cookie would then be sent by the client in subsequent requests to the targeted...

4CVSS5.8AI score0.00179EPSS
Exploits0References5
OSV
OSV
added 2026/07/01 8:17 p.m.4 views

DEBIAN-CVE-2026-55688

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and from 3.0.0.Beta1 prior to 3.0.11, ThreadSafeCookieStore stored a cookie under the value of its Domain attribute without...

4CVSS5.8AI score0.00179EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 7:40 p.m.23 views

CVE-2026-55688

Affected software: AsyncHttpClient (AHC) library for Java. Vulnerable versions: 2.0.0 up to (but not including) 2.16.0, and 3.0.0.Beta1 up to (but not including) 3.0.11. Root cause: ThreadSafeCookieStore may store a cookie using the.Domain value without validating that the responding host is allo...

4CVSS5.8AI score0.00179EPSS
Exploits0References2
OSV
OSV
added 2026/06/15 8:19 p.m.8 views

GHSA-MGF9-4VPG-HJ56 tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)

Tornado's gzip decompression routines work in limited-size chunks, but have no overall limit for the total size of decompressed chunks that they will accumulate There has always been a limit for the total compressed size. This allows a malicious server to consume effectively unlimited amounts of...

7.5CVSS5.4AI score0.00052EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 1:11 p.m.10 views

Security Bulletin: DevOps Test Performance / Rational Performance Tester contains a vulnerability related to use of the AsyncHttpClient (AHC) library

Summary Due to use of the AsyncHttpClient AHC library, DevOps Test Performance / Rational Performance Tester, contains a potential vulnerability exposing sensitive session cookies or other credentials. CVE-2026-45300 Vulnerability Details CVEID:CVE-2026-45300 DESCRIPTION: The AsyncHttpClient AHC...

7.4CVSS5.5AI score0.00322EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-45300

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch...

7.4CVSS5.8AI score0.00322EPSS
Exploits1References2
OSV
OSV
added 2026/06/05 8:17 p.m.11 views

UBUNTU-CVE-2026-45300

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch prior to 3.0.10 leak Cookie headers to cross-origin redirect targets. When following a redirect to a...

7.4CVSS5.5AI score0.00322EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/06/05 7:32 p.m.10 views

CVE-2026-45300 async-http-client: Cookie header not stripped on cross-origin redirect

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch prior to 3.0.10 leak Cookie headers to cross-origin redirect targets. When following a redirect to a...

7.4CVSS5.5AI score0.00322EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2026/05/18 4:42 p.m.6 views

ai.evolv:ascend-sdk (=0.5.0), app.peac:core (=0.0.1) +2567 more potentially affected by CVE-2026-45300 via org.asynchttpclient:async-http-client (>=2.0.0-RC1 <=2.14.5)

org.asynchttpclient:async-http-client MAVEN version =2.0.0-RC1, =0.7.0, =0.7.0, =0.1.0, =0.2.0, =0.7.0, =0.7.0, =0.1.0, =0.2.0, =0.1.0, =0.2.0, =2.2, =2.0, =2.0-RC2 and more Source cves: CVE-2026-45300 Source advisory: SNYK:JAVA-ORGASYNCHTTPCLIENT-16755239...

7.4CVSS5.4AI score0.00322EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/05/18 4:42 p.m.20 views

async-http-client: Cookie header not stripped on cross-origin redirect

Summary async-http-client leaks Cookie headers to cross-origin redirect targets. When following a redirect across a security boundary different origin, or HTTPS→HTTP downgrade, the propagatedHeaders method in Redirect30xInterceptor.java strips Authorization and Proxy-Authorization headers but doe...

7.4CVSS5.8AI score0.00322EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.14 views

PT-2026-41727

Name of the Vulnerable Software and Affected Versions async-http-client versions prior to 2.15.0 async-http-client versions prior to 3.0.10 Description An information disclosure issue exists where Cookie headers are leaked to cross-origin redirect targets. When following a redirect across a...

7.4CVSS5.4AI score0.00322EPSS
Exploits1References11
Circl
Circl
added 2026/05/12 9:2 p.m.10 views

CVE-2026-45300

creationtimestamp| type| source ---|---|--- 2026-05-12 21:02:02+00:00| published-proof-of-concept| https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-fmxf-pm6p-7xgm 2026-06-05 21:15:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnl2nqfonh2z...

7.4CVSS5.3AI score0.00322EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/22 2:51 p.m.4 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of AsyncHttpClient

Summary Due to use of AsyncHttpClient, DevOps Test Performance and Rational Performance Tester contain a potential vulnerability where Authorization/Proxy-Authorization headers are improperly leaked. Vulnerability Details CVEID:CVE-2026-40490 DESCRIPTION: The AsyncHttpClient AHC library allows Ja...

6.8CVSS6AI score0.00326EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/04/18 2:16 a.m.7 views

UBUNTU-CVE-2026-40490

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled followRedirecttrue, versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-Authorization headers...

6.8CVSS6AI score0.00326EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/18 12:0 a.m.14 views

Async Http Client 安全漏洞

Async Http Client is an open-source Java-based asynchronous HTTP and WebSocket client library developed by AsyncHttpClient. Versions prior to 3.0.9 and 2.14.5 of Async Http Client had security vulnerabilities. These vulnerabilities stemmed from the redirection process, where authorization headers...

6.8CVSS5.8AI score0.00326EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/04/14 1:7 a.m.9 views

com.akamai.edgegrid:edgegrid-signer-async-http-client (>=6.0.1 <=6.0.3-rc.1), com.arpnetworking.metrics:mad-experimental (>=1.2.4 <=1.2.11) +66 more potentially affected by CVE-2026-40490 via org.asynchttpclient:async-http-client (>=3.0.0.Beta1 <=3.0.7)

org.asynchttpclient:async-http-client MAVEN version =3.0.0.Beta1, =6.0.1, =1.2.4, =1.22.5, =1.13.8, =1.1.0, =0.4.8, =0.4.8, =0.4.8, =1.17.0, =1.17.0, =1.17.0, =0.5.0, =2.7.3, =218.0.0, =14.5.0, =16.0.0 and more Source cves: CVE-2026-40490 Source advisory: OSV:GHSA-CMXV-58FP-FM3G...

6.8CVSS5.7AI score0.00326EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/14 1:7 a.m.8 views

ai.evolv:ascend-sdk (=0.5.0), app.peac:core (=0.0.1) +2551 more potentially affected by CVE-2026-40490 via org.asynchttpclient:async-http-client (>=2.0.0 <=2.12.4)

org.asynchttpclient:async-http-client MAVEN version =2.0.0, =0.7.0, =0.7.0, =0.1.0, =0.2.0, =0.7.0, =0.7.0, =0.1.0, =0.2.0, =0.1.0, =0.2.0, =2.2, =2.0, =2.0-RC2 and more Source cves: CVE-2026-40490 Source advisory: OSV:GHSA-CMXV-58FP-FM3G...

6.8CVSS5.4AI score0.00326EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-0557

Malware in sbrugna...

7.5CVSS7.6AI score0.03046EPSS
Exploits0References58
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-3182

Malicious code in bioql PyPI...

4.3CVSS7.4AI score0.00993EPSS
Exploits0References21
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-1887

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.00549EPSS
Exploits0References8
Rows per page
Query Builder