Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
http-client project http-client vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-11021
Actions Http-Client (NPM @actions/http-client) before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: 1. make an http request with an authorization header...
Http-client Project Http-client
4.3
CVSSv2
CVE-2013-7397
Async Http Client (aka AHC or async-http-client) prior to 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle malicious users to spoof HTTPS servers by presenting an arbitrary cert...
Redhat Jboss Fuse
Async-http-client Project Async-http-client
4.3
CVSSv2
CVE-2013-7398
main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) prior to 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle malicious users to spoof HTTPS servers via an a...
Async-http-client Project Async-http-client
Redhat Jboss Fuse
NA
CVE-2023-0040
Versions of Async HTTP Client before 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they p...
Asynchttpclient Project Async-http-client
6.8
CVSSv2
CVE-2020-10800
lix up to and including 15.8.7 allows man-in-the-middle malicious users to execute arbitrary code by modifying the HTTP client-server data stream so that the Location header is associated with attacker-controlled executable content in the postDownload field.
Lix Project Lix
7.1
CVSSv2
CVE-2017-16026
Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0.
Request Project Request
4.3
CVSSv2
CVE-2020-14930
An issue exists in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user accou...
Bt Ctroms Terminal Project Bt Ctroms Terminal -
7.1
CVSSv2
CVE-2017-16129
The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may re...
Superagent Project Superagent
2.1
CVSSv2
CVE-2017-15112
keycloak-httpd-client-install versions prior to 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users.
Keycloak-httpd-client-install Project Keycloak-httpd-client-install
5
CVSSv2
CVE-2021-21240
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) ...
Httplib2 Project Httplib2
9 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »