Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
Asynchttpclient ProjectAsync-http-client

3 matches found

CVE
CVEadded 2017/08/31 4:0 p.m.106 views

CVE-2017-14063

CVE-2017-14063 affects Async Http Client (async-http-client) prior to 2.0.35. The underlying issue allows an attacker to cause the client to connect to a host different from the one parsed from java.net.URI when a ? appears in a fragment. This vulnerability is corroborated by CNVD-2017-31118, whi...

7.5CVSS7.7AI score0.03046EPSS
CVE
CVEadded 2023/01/18 12:0 a.m.93 views

CVE-2023-0040

CVE-2023-0040 affects Async HTTP Client prior to 1.13.2. The root cause is insufficient validation of HTTP header field values, enabling CRLF injection that can inject new HTTP header fields or requests into the data stream. Impact described in the connected documents notes that remote servers ma...

7.5CVSS7.7AI score0.00549EPSS
CVE
CVEadded 2026/06/05 7:32 p.m.26 views

CVE-2026-45300

CVE-2026-45300 affects AsyncHttpClient: vulnerable in the 2.x branch before 2.15.0 and the 3.x branch before 3.0.10. When following cross-origin redirects, propagatedHeaders() strips Authorization and Proxy-Authorization but leaves Cookie intact, causing session cookies and other sensitive cookie...

7.4CVSS5.5AI score0.00266EPSS