8 matches found

Hacker One
added 2026/01/19 10:27 a.m. · 24 views

curl: Cookie Replacement Use-After-Free Vulnerability

Summary: The cookie replacement logic in lib/cookie.c contains a use-after-free vulnerability in the replaceexisting function. The function modifies a linked list while iterating over it, creating potential for memory corruption in concurrent or complex cookie operations. Vulnerable Code Location...

6.1 AI score
Exploits: 0
RedHat Linux
added 2025/02/05 1:53 p.m. · 3 views

async-http-client: AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s

A flaw was found in the AsyncHttpClient AHC library. When making any HTTP request, the automatically enabled and self-managed CookieStore will silently replace explicitly defined cookies with any that have the same name from the CookieStore. For services that operate with multiple users, this can...

9.2 CVSS · 5.8 AI score · 0.00576 EPSS
Exploits: 0 · References: 8
F5 Networks
added 2025/01/29 6:17 p.m. · 8 views

K000149537: AsyncHttpClient vulnerability CVE-2024-53990

Security Advisory Description The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore aka cookie jar will silently replace explicitly...

9.2 CVSS · 7.8 AI score · 0.00576 EPSS
Exploits: 0
BDU FSTEC
added 2024/12/24 12:0 a.m. · 5 views

The vulnerability of the RequestBuilder class in the CookieStore interface of the asynchronous HTTP request processing library Async Http Client allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the RequestBuilder class in the CookieStore interface of the asynchronous HTTP request processing library Async Http Client is related to the replacement of cookie files due to incorrect authentication procedures. Exploiting this vulnerability can allow an attacker operating...

8.1 CVSS · 7.4 AI score · 0.00576 EPSS
Exploits: 0 · References: 5 · Affected Software: 1
OSV
added 2024/12/02 8:4 p.m. · 2 views

GHSA-MFJ5-CF8G-G2FV AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s

Summary When making any HTTP request, the automatically enabled and self-managed CookieStore aka cookie jar will silently replace explicitly defined Cookies with any that have the same name from the cookie jar. For services that operate with multiple users, this can result in one user's Cookie...

9.2 CVSS · 6.9 AI score · 0.00576 EPSS
Exploits: 0 · References: 7
Positive Technologies
added 2024/06/18 12:0 a.m. · 3 views

PT-2024-9750 · Unknown +1 · Async Http Client +1

Name of the Vulnerable Software and Affected Versions: AsyncHttpClient versions prior to 3.0.1 Description: The AsyncHttpClient library has an issue where the automatically enabled and self-managed CookieStore silently replaces explicitly defined Cookies with any that have the same name from the...

9.2 CVSS · 6.7 AI score · 0.00576 EPSS
Exploits: 0 · References: 26
BDU FSTEC
added 2023/05/10 12:0 a.m. · 3 views

The vulnerability of the WSGI Werkzeug web application library, related to the distribution of resources without restrictions or regulation, allows a hacker to replace the cookie file.

The vulnerability of the WSGI Werkzeug web application lies in the fact that the application does not properly control the consumption of internal resources when processing data with a complex structure and containing a large number of fields. Exploiting this vulnerability could allow an attacker...

3.5 CVSS · 6.4 AI score · 0.00507 EPSS
Exploits: 0 · References: 8 · Affected Software: 9
CNNVD
added 2022/03/14 12:0 a.m. · 4 views

Volto Authorization Issue Vulnerability

Volto is a ReactJS-based front-end for the Plone content management system. Volto is vulnerable to an authentication vulnerability that could be exploited by attackers to replace its authentication cookies with authentication cookies from other users, effectively giving them control over other...

7.5 CVSS · 5.6 AI score · 0.00566 EPSS
Exploits: 0 · References: 4