CVE-2024-53990
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-53990
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53990.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-53990
- Aliases
- Downstream
- Related
- Published
- 2024-12-02T17:10:28Z
- Modified
- 2025-10-30T20:31:18.066435Z
- Severity
-
- 9.2 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s
- Details
-
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Cookies with any that have the same name from the cookie jar. For services that operate with multiple users, this can result in one user's Cookie being used for another user's requests.
- Database specific
{ "cwe_ids": [ "CWE-287" ] }- References
-
- https://github.com/AsyncHttpClient/async-http-client/commit/d5a83362f7aed81b93ebca559746ac9be0f95425
- https://github.com/AsyncHttpClient/async-http-client/issues/1964
- https://github.com/AsyncHttpClient/async-http-client/pull/2033
- https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-mfj5-cf8g-g2fv
Affected packages
Git / github.com/asynchttpclient/async-http-client
Affected ranges
- Type
- GIT
- Repo
- https://github.com/asynchttpclient/async-http-client
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.0.0-alpha1
2.0.0-alpha2
2.0.0-alpha3
2.0.0-alpha4
2.0.0-alpha5
2.0.0-alpha6
2.0.0-alpha7
2.0.0-alpha8
async-http-client-1.*
async-http-client-1.0.0
async-http-client-1.1.0
async-http-client-1.2.0
async-http-client-1.3.0
async-http-client-1.3.1
async-http-client-1.3.2
async-http-client-1.4.0
async-http-client-1.4.1
async-http-client-1.5.0
async-http-client-1.6.0
async-http-client-1.6.1
async-http-client-1.6.2
async-http-client-1.6.3
async-http-client-1.6.4
async-http-client-1.7.0
async-http-client-1.7.0-RC1
async-http-client-1.7.1
async-http-client-1.7.2
async-http-client-1.7.3
async-http-client-1.7.4
async-http-client-1.7.5
async-http-client-project-2.*
async-http-client-project-2.0.0
async-http-client-project-2.0.0-RC1
async-http-client-project-2.0.0-RC10
async-http-client-project-2.0.0-RC11
async-http-client-project-2.0.0-RC12
async-http-client-project-2.0.0-RC13
async-http-client-project-2.0.0-RC14
async-http-client-project-2.0.0-RC15
async-http-client-project-2.0.0-RC16
async-http-client-project-2.0.0-RC17
async-http-client-project-2.0.0-RC18
async-http-client-project-2.0.0-RC19
async-http-client-project-2.0.0-RC2
async-http-client-project-2.0.0-RC20
async-http-client-project-2.0.0-RC21
async-http-client-project-2.0.0-RC3
async-http-client-project-2.0.0-RC4
async-http-client-project-2.0.0-RC5
async-http-client-project-2.0.0-RC6
async-http-client-project-2.0.0-RC7
async-http-client-project-2.0.0-RC8
async-http-client-project-2.0.0-RC9
async-http-client-project-2.0.0-alpha10
async-http-client-project-2.0.0-alpha11
async-http-client-project-2.0.0-alpha12
async-http-client-project-2.0.0-alpha13
async-http-client-project-2.0.0-alpha14
async-http-client-project-2.0.0-alpha15
async-http-client-project-2.0.0-alpha16
async-http-client-project-2.0.0-alpha17
async-http-client-project-2.0.0-alpha18
async-http-client-project-2.0.0-alpha19
async-http-client-project-2.0.0-alpha20
async-http-client-project-2.0.0-alpha21
async-http-client-project-2.0.0-alpha22
async-http-client-project-2.0.0-alpha23
async-http-client-project-2.0.0-alpha24
async-http-client-project-2.0.0-alpha25
async-http-client-project-2.0.0-alpha26
async-http-client-project-2.0.0-alpha27
async-http-client-project-2.0.0-alpha9
async-http-client-project-2.0.1
async-http-client-project-2.0.10
async-http-client-project-2.0.11
async-http-client-project-2.0.12
async-http-client-project-2.0.13
async-http-client-project-2.0.14
async-http-client-project-2.0.15
async-http-client-project-2.0.16
async-http-client-project-2.0.17
async-http-client-project-2.0.18
async-http-client-project-2.0.19
async-http-client-project-2.0.2
async-http-client-project-2.0.20
async-http-client-project-2.0.21
async-http-client-project-2.0.22
async-http-client-project-2.0.23
async-http-client-project-2.0.24
async-http-client-project-2.0.3
async-http-client-project-2.0.4
async-http-client-project-2.0.5
async-http-client-project-2.0.6
async-http-client-project-2.0.7
async-http-client-project-2.0.8
async-http-client-project-2.0.9
async-http-client-project-2.1.0
async-http-client-project-2.1.0-RC1
async-http-client-project-2.1.0-RC2
async-http-client-project-2.1.0-RC3
async-http-client-project-2.1.0-RC4
async-http-client-project-2.1.0-alpha10
async-http-client-project-2.1.0-alpha11
async-http-client-project-2.1.0-alpha12
async-http-client-project-2.1.0-alpha13
async-http-client-project-2.1.0-alpha14
async-http-client-project-2.1.0-alpha15
async-http-client-project-2.1.0-alpha16
async-http-client-project-2.1.0-alpha17
async-http-client-project-2.1.0-alpha18
async-http-client-project-2.1.0-alpha19
async-http-client-project-2.1.0-alpha2
async-http-client-project-2.1.0-alpha20
async-http-client-project-2.1.0-alpha21
async-http-client-project-2.1.0-alpha22
async-http-client-project-2.1.0-alpha23
async-http-client-project-2.1.0-alpha24
async-http-client-project-2.1.0-alpha25
async-http-client-project-2.1.0-alpha26
async-http-client-project-2.1.0-alpha3
async-http-client-project-2.1.0-alpha4
async-http-client-project-2.1.0-alpha5
async-http-client-project-2.1.0-alpha6
async-http-client-project-2.1.0-alpha7
async-http-client-project-2.1.0-alpha8
async-http-client-project-2.1.0-alpha9
async-http-client-project-2.1.1
async-http-client-project-2.1.2
async-http-client-project-2.10.0
async-http-client-project-2.10.1
async-http-client-project-2.10.2
async-http-client-project-2.10.3
async-http-client-project-2.10.4
async-http-client-project-2.10.5
async-http-client-project-2.11.0
async-http-client-project-2.12.0
async-http-client-project-2.12.1
async-http-client-project-2.12.2
async-http-client-project-2.12.3
async-http-client-project-2.2.0
async-http-client-project-2.2.1
async-http-client-project-2.3.0
async-http-client-project-2.4.0
async-http-client-project-2.4.1
async-http-client-project-2.4.2
async-http-client-project-2.4.3
async-http-client-project-2.4.4
async-http-client-project-2.4.5
async-http-client-project-2.4.6
async-http-client-project-2.4.7
async-http-client-project-2.4.8
async-http-client-project-2.4.9
async-http-client-project-2.5.0
async-http-client-project-2.5.1
async-http-client-project-2.5.2
async-http-client-project-2.5.3
async-http-client-project-2.5.4
async-http-client-project-2.6.0
async-http-client-project-2.7.0
async-http-client-project-2.8.0
async-http-client-project-2.8.1
async-http-client-project-2.9.0
async-http-client-project-3.*
async-http-client-project-3.0.0
async-http-client-project-3.0.0.Beta2
async-http-client-project-3.0.0.Beta3