Asynchttpclient Project Async-http-client — known CVE vulnerabilities
Every CVE whose affected-product data names Asynchttpclient Project Async-http-client, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2017-14063 — CVSS 7.5 (high): Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by…
CVE-2023-0040 — CVSS 7.5 (high): Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This…
CVE-2026-45300 — CVSS 7.4 (high): The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses…