Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.asynchttpclient/async-http-client-project@1.5.0
Type maven
Namespace org.asynchttpclient
Name async-http-client-project
Version 1.5.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.0.35
Latest_non_vulnerable_version 2.0.35
Affected_by_vulnerabilities
0
url VCID-c1h6-98pa-gkf9
vulnerability_id VCID-c1h6-98pa-gkf9
summary
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted data into HTTP header field values without prior sanitisation. Common use-cases here might be to place usernames from a database into HTTP header fields. This vulnerability allows attackers to inject new HTTP header fields, or entirely new requests, into the data stream. This can cause requests to be understood very differently by the remote server than was intended. In general, this is unlikely to result in data disclosure, but it can result in a number of logical errors and other misbehaviours.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0040
reference_id
reference_type
scores
0
value 0.00356
scoring_system epss
scoring_elements 0.58188
published_at 2026-06-04T12:55:00Z
1
value 0.00356
scoring_system epss
scoring_elements 0.58238
published_at 2026-06-09T12:55:00Z
2
value 0.00356
scoring_system epss
scoring_elements 0.5822
published_at 2026-06-08T12:55:00Z
3
value 0.00356
scoring_system epss
scoring_elements 0.58235
published_at 2026-06-07T12:55:00Z
4
value 0.00356
scoring_system epss
scoring_elements 0.58245
published_at 2026-06-06T12:55:00Z
5
value 0.00356
scoring_system epss
scoring_elements 0.58237
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0040
1
reference_url https://github.com/swift-server/async-http-client
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/swift-server/async-http-client
2
reference_url https://github.com/swift-server/async-http-client/commit/7f05a8da46cc2a4ab43218722298b81ac7a08031
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/swift-server/async-http-client/commit/7f05a8da46cc2a4ab43218722298b81ac7a08031
3
reference_url https://github.com/swift-server/async-http-client/releases/tag/1.12.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/swift-server/async-http-client/releases/tag/1.12.1
4
reference_url https://github.com/swift-server/async-http-client/releases/tag/1.13.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/swift-server/async-http-client/releases/tag/1.13.2
5
reference_url https://github.com/swift-server/async-http-client/releases/tag/1.4.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/swift-server/async-http-client/releases/tag/1.4.1
6
reference_url https://github.com/swift-server/async-http-client/releases/tag/1.9.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/swift-server/async-http-client/releases/tag/1.9.1
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0040
reference_id CVE-2023-0040
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0040
8
reference_url https://github.com/swift-server/async-http-client/security/advisories/GHSA-v3r5-pjpm-mwgq
reference_id GHSA-v3r5-pjpm-mwgq
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-02T17:47:16Z/
url https://github.com/swift-server/async-http-client/security/advisories/GHSA-v3r5-pjpm-mwgq
fixed_packages
0
url pkg:maven/org.asynchttpclient/async-http-client-project@1.9.1
purl pkg:maven/org.asynchttpclient/async-http-client-project@1.9.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client-project@1.9.1
1
url pkg:maven/org.asynchttpclient/async-http-client-project@1.12.1
purl pkg:maven/org.asynchttpclient/async-http-client-project@1.12.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client-project@1.12.1
2
url pkg:maven/org.asynchttpclient/async-http-client-project@1.13.2
purl pkg:maven/org.asynchttpclient/async-http-client-project@1.13.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client-project@1.13.2
aliases CVE-2023-0040, GHSA-v3r5-pjpm-mwgq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c1h6-98pa-gkf9
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client-project@1.5.0