[jira] [Created] (HDDS-4464) Upgrade httpclient version due to CVE-2020-13956

Tsz-wo Sze (Jira) Sat, 14 Nov 2020 02:36:03 -0800

Tsz-wo Sze created HDDS-4464:
--------------------------------

             Summary: Upgrade httpclient version due to CVE-2020-13956
                 Key: HDDS-4464
                 URL: https://issues.apache.org/jira/browse/HDDS-4464
             Project: Hadoop Distributed Data Store
          Issue Type: Bug
            Reporter: Tsz-wo Sze
            Assignee: Tsz-wo Sze



According to  CVE-2020-13956 
https://www.openwall.com/lists/oss-security/2020/10/08/4 ,
{quote}
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can
misinterpret malformed authority component in request URIs passed to
the library as java.net.URI object and pick the wrong target host for
request execution.  
{quote}




--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Created] (HDDS-4464) Upgrade httpclient version due to CVE-2020-13956

Reply via email to