According to CVE-2020-13956 https://nvd.nist.gov/vuln/detail/CVE-2020-13956
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
SOLR-15270 upgrade httpclient to address CVE-2020-13956
- is related to
SOLR-15002 Upgrade HttpClient to 4.5.13
- links to