Uploaded image for project: 'Apache Ozone'
  1. Apache Ozone
  2. HDDS-4464

Upgrade httpclient version due to CVE-2020-13956

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None

      Description

      According to CVE-2020-13956 https://www.openwall.com/lists/oss-security/2020/10/08/4 ,

      Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can
      misinterpret malformed authority component in request URIs passed to
      the library as java.net.URI object and pick the wrong target host for
      request execution.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                szetszwo Tsz-wo Sze
                Reporter:
                szetszwo Tsz-wo Sze
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: