Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Asynchttpclient Project Subscribe
Filtered by product Async-http-client
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-14063 1 Asynchttpclient Project 1 Async-http-client 2024-02-04 5.0 MEDIUM 7.5 HIGH
Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE-2016-8624) and Oracle Java 8 java.net.URL.