admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-539xx/CVE-2024-53990.json
cad-safe-bot 627729c313 Auto-Update: 2025-03-02T03:00:19.570958+00:00
2025-03-02 03:03:52 +00:00

94 lines
4.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-53990",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-12-02T18:15:11.753",
"lastModified": "2024-12-02T18:15:11.753",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Cookies with any that have the same name from the cookie jar. For services that operate with multiple users, this can result in one user's Cookie being used for another user's requests."
},
{
"lang": "es",
"value": "La librer\u00eda AsyncHttpClient (AHC) permite que las aplicaciones Java ejecuten f\u00e1cilmente solicitudes HTTP y procesen de forma asincr\u00f3nica las respuestas HTTP. Al realizar una solicitud HTTP, el CookieStore (tambi\u00e9n conocido como contenedor de cookies) habilitado autom\u00e1ticamente y autoadministrado reemplazar\u00e1 silenciosamente las Cookies definidas expl\u00edcitamente por cualquier cookie que tenga el mismo nombre del contenedor de cookies. En el caso de los servicios que funcionan con varios usuarios, esto puede provocar que la Cookie de un usuario se utilice para las solicitudes de otro usuario."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/AsyncHttpClient/async-http-client/commit/d5a83362f7aed81b93ebca559746ac9be0f95425",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/AsyncHttpClient/async-http-client/issues/1964",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/AsyncHttpClient/async-http-client/pull/2033",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-mfj5-cf8g-g2fv",
"source": "security-advisories@github.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink