Uploaded image for project: 'Apache Drill'
  1. Apache Drill
  2. DRILL-7946

Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.19.0
    • Component/s: None
    • Labels:
      None

      Description

      Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

        Attachments

          Activity

            People

            • Assignee:
              luoc Cong Luo
              Reporter:
              luoc Cong Luo
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: