Debian 12 — async-http-client — multiple vulnerabilities (3 CVEs) — patch and remediation guide
🟡 Medium ⏱ 10–30 min Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read • Source: Debian Security Tracker Related CVEs: CVE-2013-7397 CVE-2024-53990 CVE-2026-40490 Upstream summary: Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are […]