It might be https://issues.apache.org/jira/browse/CODEC-134

Gary

On Tue, Sep 22, 2020 at 11:19 AM De Zhi Mou <dz...@hcl.com> wrote:

> Hi,
>
> Our product received this vulnerability, apache-commons-codec-info-disc
> (177835).
> In the advisory references, there is a link to
> https://www.whitesourcesoftware.com/vulnerability-database/WS-2019-0379
> which says Apache commons-codec before version “commons-codec-1.13-RC1” is
> vulnerable to information disclosure due to Improper Input validation.
>
> We want to know what kind of improper input validation would cause the
> vulnerability. I looked through all the references but cannot get that
> information. Are there any examples or test code?
> We do not directly use codec in our product, but we use HttpClient, which
> requires codec. Are we still vulnerable or not in this case?
>
> Really appreciate your help. Thanks.
>
> Regards,
> Paul
> -----------------------
> Paul (DeZhi Mou, 牟德志)
> ClearQuest/Traxiem Software Engineer
> HCL Software