*Severity:* Moderate

*Affected Versions:*
- Apache HttpClient 5.4.x *(Earlier versions are unaffected.)*

*Description:*
A bug in Apache HttpClient 5.4.x effectively disables Public Suffix List (PSL) validation, impacting cookie management and host name verification. This may lead to unauthorized access or information disclosure. Users are advised to upgrade to *Apache HttpClient 5.4.3*, which includes a fix for this issue.

*Credit:*
Discovered by the Apache HttpClient team. Fix contributed by Joe Gallo.

*References:*
- Introduction PR #574: https://github.com/apache/httpcomponents-client/pull/574
- Fix PR #621: https://github.com/apache/httpcomponents-client/pull/621
- Apache HttpClient Project: https://hc.apache.org/httpcomponents-client-5.4.x/
- CVE Record (once public): https://www.cve.org/CVERecord?id=CVE-2025-27820

Best regards,
Arturo
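
As an added example (not part of the advisory and not code from the HttpClient project), this Python script scans Maven `dependency:list` or Gradle `dependencies` output for the affected range stated above. The sample lines are constructed, and flagging 5.4 pre-release qualifiers for manual review is an assumption, since the advisory does not mention them.

```python
import re

# Maven coordinates (group:artifact) of the HttpClient 5 module.
ARTIFACT = "org.apache.httpcomponents.client5:httpclient5"
FIXED_PATCH = 3  # 5.4.3 is the fixed release named in the advisory

# Maven prints group:artifact:jar:VERSION:scope; Gradle prints
# group:artifact:VERSION, optionally followed by "-> RESOLVED".
COORD = re.compile(re.escape(ARTIFACT)
                   + r":(?:[a-z-]+:)?([0-9][\w.\-]*)(?:\s*->\s*([0-9][\w.\-]*))?")

def classify(version):
    """Map a version string onto the advisory's affected range."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(.*)", version)
    if not m:
        return "review"
    if (int(m[1]), int(m[2])) != (5, 4):
        return "not-listed"        # advisory lists only 5.4.x
    if m[4]:
        return "review"            # assumption: pre-releases need a manual look
    return "affected" if int(m[3] or 0) < FIXED_PATCH else "fixed"

def scan(lines):
    """Return (version, status) for every HttpClient 5 line found."""
    hits = []
    for line in lines:
        m = COORD.search(line)
        if m:
            version = m[2] or m[1]   # Gradle: use the resolved version
            hits.append((version, classify(version)))
    return hits

# Constructed sample: two Maven lines, then two Gradle lines.
SAMPLE = r"""
[INFO]    org.apache.httpcomponents.client5:httpclient5:jar:5.4.2:compile
[INFO]    org.apache.httpcomponents.core5:httpcore5:jar:5.3.3:compile
+--- org.apache.httpcomponents.client5:httpclient5:5.4.1 -> 5.4.3
\--- org.apache.httpcomponents.client5:httpclient5:5.3.1
"""

if __name__ == "__main__":
    for version, status in scan(SAMPLE.splitlines()):
        print(f"httpclient5 {version}: {status}")
```

Because transitive dependencies can pull in a 5.4.x release, run it over the fully resolved dependency output rather than only the declared versions.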