org.asynchttpclient:async-http-client@3.0.0 vulnerabilities

  • latest version

    3.0.1

  • latest non vulnerable version

  • first published

    9 years ago

  • latest version published

    23 days ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the org.asynchttpclient:async-http-client package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Improper Authentication

    org.asynchttpclient:async-http-client is a maven plugin for the Async Http Client (AHC) classes.

    Affected versions of this package are vulnerable to Improper Authentication due to the CookieStore process in the RequestBuilderBase component, which replaces cookies that were explicitly defined with any cookies of the same name from the cookie jar. An attacker can manipulate session management by replacing user cookies with others having the same name.

    How to fix Improper Authentication?

    Upgrade org.asynchttpclient:async-http-client to version 3.0.1 or higher.

    [3.0.0,3.0.1)