{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44581?format=json","vulnerability_id":"VCID-su1f-sa1r-e7gp","summary":"The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Cookies with any that have the same name from the cookie jar. For services that operate with multiple users, this can result in one user's Cookie being used for another user's requests.","aliases":[{"alias":"CVE-2024-53990"},{"alias":"GHSA-mfj5-cf8g-g2fv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372454?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.12.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.12.4"},{"url":"http://public2.vulnerablecode.io/api/packages/372455?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@3.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@3.0.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/766735?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/766736?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/766737?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/766738?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/766739?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/766740?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/766741?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/766742?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/766743?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.4.2"},{"url":"http://public2.vulnerablecode.io/api/packages/766744?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.4.3"},{"url":"http://public2.vulnerablecode.io/api/packages/766745?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/766746?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.4.5"},{"url":"http://public2.vulnerablecode.io/api/packages/766747?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.4.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.4.6"},{"url":"http://public2.vulnerablecode.io/api/packages/766748?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.4.7"},{"url":"http://public2.vulnerablecode.io/api/packages/766749?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.4.8"},{"url":"http://public2.vulnerablecode.io/api/packages/766750?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/766751?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/766752?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/766753?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/766754?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.5.3"},{"url":"http://public2.vulnerablecode.io/api/packages/766755?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.5.4"},{"url":"http://public2.vulnerablecode.io/api/packages/766756?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/766757?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/766758?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/766759?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/766760?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/766761?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.10.0"},{"url":"http://public2.vulnerablecode.io/api/packages/766762?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.10.1"},{"url":"http://public2.vulnerablecode.io/api/packages/766763?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.10.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.10.2"},{"url":"http://public2.vulnerablecode.io/api/packages/766764?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/766765?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.10.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.10.4"},{"url":"http://public2.vulnerablecode.io/api/packages/766766?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.10.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.10.5"},{"url":"http://public2.vulnerablecode.io/api/packages/766767?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/766768?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.12.0"},{"url":"http://public2.vulnerablecode.io/api/packages/766769?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.12.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.12.1"},{"url":"http://public2.vulnerablecode.io/api/packages/766770?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.12.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.12.2"},{"url":"http://public2.vulnerablecode.io/api/packages/766771?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@2.12.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@2.12.3"},{"url":"http://public2.vulnerablecode.io/api/packages/40927?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@3.0.0.Beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j9ud-e4r3-13b1"},{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@3.0.0.Beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/766772?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@3.0.0.Beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@3.0.0.Beta2"},{"url":"http://public2.vulnerablecode.io/api/packages/766773?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@3.0.0.Beta3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@3.0.0.Beta3"},{"url":"http://public2.vulnerablecode.io/api/packages/766774?format=json","purl":"pkg:maven/org.asynchttpclient/async-http-client@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-su1f-sa1r-e7gp"},{"vulnerability":"VCID-vf1m-dhav-nybd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.asynchttpclient/async-http-client@3.0.0"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53990.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53990.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53990","reference_id":"","reference_type":"","scores":[{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63651","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63766","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63752","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53990"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53990","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53990"},{"reference_url":"https://github.com/AsyncHttpClient/async-http-client","reference_id":"","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/AsyncHttpClient/async-http-client"},{"reference_url":"https://github.com/AsyncHttpClient/async-http-client/blob/main/CHANGES.md#from-20-to-21","reference_id":"","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/AsyncHttpClient/async-http-client/blob/main/CHANGES.md#from-20-to-21"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53990","reference_id":"","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53990"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089228","reference_id":"1089228","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089228"},{"reference_url":"https://github.com/AsyncHttpClient/async-http-client/issues/1964","reference_id":"1964","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:04:19Z/"}],"url":"https://github.com/AsyncHttpClient/async-http-client/issues/1964"},{"reference_url":"https://github.com/AsyncHttpClient/async-http-client/pull/2033","reference_id":"2033","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:04:19Z/"}],"url":"https://github.com/AsyncHttpClient/async-http-client/pull/2033"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2330004","reference_id":"2330004","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2330004"},{"reference_url":"https://github.com/AsyncHttpClient/async-http-client/commit/d5a83362f7aed81b93ebca559746ac9be0f95425","reference_id":"d5a83362f7aed81b93ebca559746ac9be0f95425","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:04:19Z/"}],"url":"https://github.com/AsyncHttpClient/async-http-client/commit/d5a83362f7aed81b93ebca559746ac9be0f95425"},{"reference_url":"https://github.com/advisories/GHSA-mfj5-cf8g-g2fv","reference_id":"GHSA-mfj5-cf8g-g2fv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mfj5-cf8g-g2fv"},{"reference_url":"https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-mfj5-cf8g-g2fv","reference_id":"GHSA-mfj5-cf8g-g2fv","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:04:19Z/"}],"url":"https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-mfj5-cf8g-g2fv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1078","reference_id":"RHSA-2025:1078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1078"}],"weaknesses":[{"cwe_id":287,"name":"Improper Authentication","description":"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"8.1 - 10.0","exploitability":"0.5","weighted_severity":"9.0","risk_score":4.5,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-su1f-sa1r-e7gp"}