4 matches found
au.com.govlawtech:dvasopapi-client (=1.3.1), by.exonit.redmine.client:client-play-ws_2.11 (=4.0.0-RC2) +342 more potentially affected by CVE-2017-14063 via org.asynchttpclient:async-http-client (>=2.0.0-RC1 <=2.0.34)
org.asynchttpclient:async-http-client MAVEN version =2.0.0-RC1, =1.0, =1.23.0, =1.23.0, =1.2.2, =0.5.4, =0.9.1, =0.0.1, =0.1.13, =1.0, =2.7.0 and more Source cves: CVE-2017-14063 Source advisory: OSV:GHSA-93JQ-624G-4P9P...
Important: Red Hat Security Advisory: Fuse 7.1 security update
An update is now available for Red Hat Fuse. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
CVE-2017-14063
Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...
CVE-2017-14063
CVE-2017-14063 affects Async Http Client (async-http-client) prior to 2.0.35. The underlying issue allows an attacker to cause the client to connect to a host different from the one parsed from java.net.URI when a ? appears in a fragment. This vulnerability is corroborated by CNVD-2017-31118, whi...