QwikSec

Security Database

CVE

CWE

Training

CVE-2024-53990

Published: Dec 2, 2024

Modified: Dec 4, 2024

PUBLISHED

Description

The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Cookies with any that have the same name from the cookie jar. For services that operate with multiple users, this can result in one user's Cookie being used for another user's requests.

Vendor	Product	Versions
AsyncHttpClient	async-http-client	affected `< 3.0.1`

Weaknesses (CWE)

References

https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-mfj5-cf8g-g2fv

x_refsource_CONFIRM

https://github.com/AsyncHttpClient/async-http-client/issues/1964

x_refsource_MISC

https://github.com/AsyncHttpClient/async-http-client/pull/2033

x_refsource_MISC

https://github.com/AsyncHttpClient/async-http-client/commit/d5a83362f7aed81b93ebca559746ac9be0f95425

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.