[jira] [Updated] (HDDS-4464) Upgrade httpclient version due to CVE-2020-13956

Tsz-wo Sze (Jira) Sat, 14 Nov 2020 06:33:23 -0800


     [ 
https://issues.apache.org/jira/browse/HDDS-4464?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Tsz-wo Sze updated HDDS-4464:
-----------------------------
    Summary: Upgrade httpclient version due to CVE-2020-13956  (was: Upgrade 
httpclient version to CVE-2020-13956)

> Upgrade httpclient version due to CVE-2020-13956
> ------------------------------------------------
>
>                 Key: HDDS-4464
>                 URL: https://issues.apache.org/jira/browse/HDDS-4464
>             Project: Hadoop Distributed Data Store
>          Issue Type: Bug
>            Reporter: Tsz-wo Sze
>            Assignee: Tsz-wo Sze
>            Priority: Major
>              Labels: pull-request-available
>
> According to  CVE-2020-13956 
> https://www.openwall.com/lists/oss-security/2020/10/08/4 ,
> {quote}
> Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can
> misinterpret malformed authority component in request URIs passed to
> the library as java.net.URI object and pick the wrong target host for
> request execution.  
> {quote}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Updated] (HDDS-4464) Upgrade httpclient version due to CVE-2020-13956

Reply via email to