Debian/async-http-client — 4 CVEs

HIGH7.4CVE-2026-45300async-http-client: Cookie header not stripped on cross-origin redirect

from 0

MEDIUM6.8CVE-2026-40490AsyncHttpClient leaks authorization credentials to untrusted domains on cross-origin redirects

from 0

—CVE-2024-53990AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s

from 0

—Insufficient Verification of Data Authenticity in Async Http Client

from 0, < 1.6.5-3

pkg:Debian/async-http-client