Unknown · Async Http Client · CVE-2024-53990
**Name of the Vulnerable Software and Affected Versions**
AsyncHttpClient versions prior to 3.0.1
**Description**
The AsyncHttpClient library has an issue where the CookieStore, which is enabled by default and populated and managed by the client itself, silently replaces cookies explicitly set on a request with any cookie of the same name already held in the cookie jar. In a service that operates with multiple users and shares one client between them, this can result in one user's cookie (for example a session cookie) being sent on another user's requests. The vulnerability can lead to unauthorized access to protected information.
**Recommendations**
For versions prior to 3.0.1, upgrade to version 3.0.1 or later, which contains the fix.
As a temporary workaround, consider disabling the CookieStore during client creation by setting the cookie store to null. With no store, the client sends only the cookies explicitly attached to each request, for example:
```java
import org.asynchttpclient.DefaultAsyncHttpClientConfig;
import org.asynchttpclient.Dsl;

// A null CookieStore disables the client-managed cookie jar, so explicitly
// defined cookies can no longer be replaced by same-named stored ones.
DefaultAsyncHttpClientConfig.Builder clientBuilder = Dsl.config()
        .setCookieStore(null)
        // other configuration
        ;
```
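The following demo is added here and is not code from the advisory or from the AsyncHttpClient project. It exercises the behaviour described above (one client shared between two users, with the jar filled by the first user's response) against a throwaway local server, and runs the same scenario with the advisory's `setCookieStore(null)` workaround beside it. It assumes AsyncHttpClient 3.x (the `org.asynchttpclient` package and Netty's `DefaultCookie`) on the classpath and uses the JDK's built-in `com.sun.net.httpserver` to stand in for the target service; the class name, URLs, paths and cookie values are constructed for the demo, and "explicitly defined cookies" is taken to mean cookies attached with `addCookie`. The advisory implies that on an affected version the first line reports Alice's session value (the jar's cookie replaced Bob's), while with the store disabled, or on 3.0.1 or later, Bob's own cookie is the one sent.

```java
import com.sun.net.httpserver.HttpServer;
import io.netty.handler.codec.http.cookie.DefaultCookie;
import org.asynchttpclient.AsyncHttpClient;
import org.asynchttpclient.Dsl;
import org.asynchttpclient.Response;

import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;

/**
 * Demonstrates the multi-user cookie mix-up behind CVE-2024-53990 against a
 * throwaway local server, and the setCookieStore(null) workaround beside it.
 * Added example; not code from the AsyncHttpClient project or the advisory.
 */
public class CookieIsolationDemo {

    public static void main(String[] args) throws Exception {
        // Constructed local server: /login issues a session cookie for "alice",
        // /whoami echoes back whatever Cookie header the request carried.
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/login", exchange -> {
            exchange.getResponseHeaders().add("Set-Cookie", "session=alice-session; Path=/");
            byte[] body = "ok".getBytes(StandardCharsets.UTF_8);
            exchange.sendResponseHeaders(200, body.length);
            exchange.getResponseBody().write(body);
            exchange.close();
        });
        server.createContext("/whoami", exchange -> {
            String cookie = exchange.getRequestHeaders().getFirst("Cookie");
            byte[] body = (cookie == null ? "<no Cookie header>" : cookie).getBytes(StandardCharsets.UTF_8);
            exchange.sendResponseHeaders(200, body.length);
            exchange.getResponseBody().write(body);
            exchange.close();
        });
        server.start();
        String base = "http://127.0.0.1:" + server.getAddress().getPort();

        try {
            // Default configuration: the client-managed CookieStore is enabled.
            AsyncHttpClient defaultClient = Dsl.asyncHttpClient();
            System.out.println("default config      -> " + cookieSeenForBob(defaultClient, base));

            // Workaround from the advisory: no CookieStore, so only cookies
            // explicitly attached to a request are ever sent.
            AsyncHttpClient noStoreClient = Dsl.asyncHttpClient(Dsl.config().setCookieStore(null));
            System.out.println("cookie store = null -> " + cookieSeenForBob(noStoreClient, base));
        } finally {
            server.stop(0);
        }
    }

    /**
     * Shares one client between two users, as a multi-tenant service might.
     * Alice's login response populates the client's cookie jar; a request is
     * then made on Bob's behalf with his own session cookie set explicitly.
     * Returns the Cookie header the server received on Bob's request.
     */
    static String cookieSeenForBob(AsyncHttpClient client, String base) throws Exception {
        try {
            client.prepareGet(base + "/login").execute().get();   // Alice logs in
            Response onBehalfOfBob = client.prepareGet(base + "/whoami")
                    .addCookie(new DefaultCookie("session", "bob-session"))
                    .execute().get();
            return onBehalfOfBob.getResponseBody();
        } finally {
            client.close();
        }
    }
}
```

Disabling the store is the blunt fix; if the application relies on the jar for redirects or stateful APIs, the alternative that keeps isolation is one client (and therefore one jar) per user or per request context rather than one shared instance, so that no user's Set-Cookie response can land in another user's requests.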