Homepage

org.asynchttpclient:async-http-client@3.0.8

  • latest version

    3.0.8

  • first published

    10 years ago

  • latest version published

    21 days ago

  • licenses detected

  • package registry

    View on Maven Central Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the org.asynchttpclient:async-http-client package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Origin Validation Error

    org.asynchttpclient:async-http-client is a maven plugin for the Async Http Client (AHC) classes.

    Affected versions of this package are vulnerable to Origin Validation Error in the Redirect30xInterceptor class. An attacker in control of a cross-origin redirect target via a different exploit such as open redirect or DNS rebinding, or who is in a MitM position on HTTP connections, can leak Authorization and Proxy-Authorization headers. This is only exploitable if redirect following is enabled - i.e. followRedirect(true).

    How to fix Origin Validation Error?

    Upgrade org.asynchttpclient:async-http-client to version 3.0.9 or higher.

    [,3.0.9)
    Go back to all versions of this package