org.asynchttpclient:async-http-client

Maven3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.asynchttpclient:async-http-clientpage 1 of 1

CVE-2017-14063HIGHCVSS 7.5EG 7.5✓ Fixed in 2.0.35
2017-08-31
vulnerable: 2.0.0 ... 2.0.9 (71 versions)
Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified i…
CVE-2024-53990CRITICALCVSS 9.2EG 0.0✓ Fixed in 3.0.1
2024-12-02
vulnerable: 3.0.0, 3.0.0.Beta1, 3.0.0.Beta2, 3.0.0.Beta3
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) wil…
CVE-2026-40490MEDIUMCVSS 6.8EG 6.8✓ Fixed in 2.14.5
2026-04-18
vulnerable: 2.0.0 ... 2.9.0 (109 versions)
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled (followRedirect(true)), versions of AsyncHttpClient prior to 3.0.9 and…

Check whether org.asynchttpclient:async-http-client is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.asynchttpclient:async-http-client CVEs against the assets you own.

Start Free Scan →