VYPR

Maven package

org.asynchttpclient/async-http-client

pkg:maven/org.asynchttpclient/async-http-client

Vulnerabilities (3)

  • CVE-2026-40490MedApr 18, 2026
    affected >= 3.0.0.Beta1, < 3.0.9fixed 3.0.9

    The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled (followRedirect(true)), versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-A

  • CVE-2024-53990CriDec 2, 2024
    affected >= 2.1.0, < 2.12.4fixed 2.12.4

    The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Coo

  • CVE-2017-14063HigAug 31, 2017
    affected < 2.0.35fixed 2.0.35

    Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE-2016-8624) and Oracle Java 8