Description
Apache HttpClient 4.5.13 currently depends on Apache Commons Codec 1.11 which is vulnerable to WS-2019-0379.
https://github.com/apache/httpcomponents-client/blob/rel/v4.5.13/pom.xml#L71
The issue has been resolved in Apache Commons Codec 1.13 (CODEC-134).
Issue Links
- duplicates: HTTPCLIENT-2072 Security vulnerability with apache commons-code 1.11, upgrade to 1.13 (Closed)
- is caused by: CODEC-134 Base32 would decode some invalid Base32 encoded string into arbitrary value (Resolved)
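
A check for the situation this issue describes, as an added example that is not part of the original issue or of the HttpClient project's code: it scans `mvn dependency:tree` output for any commons-codec older than 1.13 and reports the dependency path that pulled it in. The sample tree, the `com.example:demo-app` project and the function names are constructed for illustration.

```python
import re

FIXED = (1, 13)  # Commons Codec release named in the issue as resolving CODEC-134

# Constructed sample of `mvn dependency:tree` output (not captured from a real build).
SAMPLE_TREE = """\
[INFO] com.example:demo-app:jar:1.0.0
[INFO] +- org.apache.httpcomponents:httpclient:jar:4.5.13:compile
[INFO] |  +- org.apache.httpcomponents:httpcore:jar:4.4.13:compile
[INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
[INFO] |  \\- commons-codec:commons-codec:jar:1.11:compile
[INFO] \\- org.slf4j:slf4j-api:jar:1.7.30:compile
"""

# Tree indentation comes in 3-character groups ("|  ", "+- ", "\- ", "   "),
# followed by group:artifact:type[:classifier]:version[:scope].
LINE = re.compile(r"^\[INFO\] ((?:[|+\\ ][- ] )*)([^\s:]+(?::[^\s:]+){3,5})\s*$")


def version_tuple(version):
    """Compare on major.minor only; qualifiers such as -SNAPSHOT are ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", version)[:2])


def find_old_codec(tree_text):
    """Return (version, dependency path) for each commons-codec node older than FIXED."""
    stack, hits = [], []
    for line in tree_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner, summary or other non-tree output
        depth = len(m.group(1)) // 3
        fields = m.group(2).split(":")
        # The root node has no scope field; dependency nodes end in version:scope.
        version = fields[-2] if len(fields) >= 5 else fields[-1]
        del stack[depth:]  # drop siblings and their children before descending
        stack.append(f"{fields[0]}:{fields[1]}:{version}")
        is_codec = fields[:2] == ["commons-codec", "commons-codec"]
        if is_codec and version_tuple(version) < FIXED:
            hits.append((version, " -> ".join(stack)))
    return hits


if __name__ == "__main__":
    for version, path in find_old_codec(SAMPLE_TREE):
        print(f"commons-codec {version} is older than 1.13: {path}")
```

A hit is normally cleared by declaring commons-codec 1.13 or later in the consuming project's `dependencyManagement`, which overrides the version HttpClient requests transitively.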