GHSA-93jq-624g-4p9p

Source

https://github.com/advisories/GHSA-93jq-624g-4p9p

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-93jq-624g-4p9p/GHSA-93jq-624g-4p9p.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-93jq-624g-4p9p

Aliases

CVE-2017-14063

Published

2018-10-19T16:50:50Z

Modified

2024-03-14T05:32:17.618778Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

Improper Input Validation in async-http-client

Details

Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE-2016-8624) and Oracle Java 8 java.net.URL.

Database specific

{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-20"
    ],
    "github_reviewed_at": "2020-06-16T21:27:19Z",
    "nvd_published_at": null,
    "severity": "HIGH"
}

References

Affected packages

Maven / org.asynchttpclient:async-http-client

Package

Name: org.asynchttpclient:async-http-client; View open source insights on deps.dev
Purl: pkg:maven/org.asynchttpclient/async-http-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.35

Affected versions

2.*

2.0.0-alpha13

2.0.0-alpha14

2.0.0-alpha15

2.0.0-alpha16

2.0.0-alpha17

2.0.0-alpha18

2.0.0-alpha19

2.0.0-alpha20

2.0.0-alpha21

2.0.0-alpha22

2.0.0-alpha23

2.0.0-alpha24

2.0.0-alpha25

2.0.0-alpha26

2.0.0-alpha27

2.0.0-RC1

2.0.0-RC2

2.0.0-RC3

2.0.0-RC4

2.0.0-RC5

2.0.0-RC6

2.0.0-RC7

2.0.0-RC8

2.0.0-RC9

2.0.0-RC10

2.0.0-RC11

2.0.0-RC12

2.0.0-RC13

2.0.0-RC14

2.0.0-RC15

2.0.0-RC16

2.0.0-RC17

2.0.0-RC18

2.0.0-RC19

2.0.0-RC20

2.0.0-RC21

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.0.10

2.0.11

2.0.12

2.0.13

2.0.14

2.0.15

2.0.16

2.0.17

2.0.18

2.0.19

2.0.20

2.0.21

2.0.22

2.0.23

2.0.24

2.0.25

2.0.26

2.0.27

2.0.28

2.0.29

2.0.30

2.0.31

2.0.32

2.0.33

2.0.34