AsyncHttpClient Library Security Update Advisory (CVE-2024-53990)

Dec 04 2024

Overview

An update has been released to address vulnerabilities in AsyncHttpClient Library. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-53990

AsyncHttpClient version: 3.0.0

Resolved Vulnerabilities

Vulnerability in the AsyncHttpClient (AHC) library where an automatically managed CookieStore could replace a cookie with the same name, resulting in cookie mixing between users (CVE-2024-53990)

Vulnerability Patches

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-53990

AsyncHttpClient version: 3.0.1

Referenced Sites

[1] CVE-2024-53990 Detail

https://nvd.nist.gov/vuln/detailCVE-2024-53990

[2] `CookieStore` replaces explicitly defined `Cookie`s

https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-mfj5-cf8g-g2fv

AsyncHttpClient Library Security Update Advisory (CVE-2024-53990)

Billion Electric Router Security Update Advisory (CVE-2024-11980)

IBM Product Security Update Advisory

Tags:

Billion Electric Router Security Update Advisory (CVE-2024-11980)

IBM Product Security Update Advisory