QID 981175: Java (maven) Security Update for org.asynchttpclient:async-http-client (GHSA-93jq-624g-4p9p)
Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE-2016-8624) and Oracle Java 8 java.net.URL.
Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user.
Solution
Customers are advised to refer to GHSA-93jq-624g-4p9p for updates pertaining to this vulnerability.
Vendor References
- GHSA-93jq-624g-4p9p - github.com/advisories/GHSA-93jq-624g-4p9p
CVEs related to QID 981175
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-93jq-624g-4p9p | org.asynchttpclient:async-http-client | | |