
CVE-2020-13956 Upgrade HttpClient and HttpCore

Open zwscn2014 opened this issue 4 years ago • 3 comments

Hi. It's been reported at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13956 that Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret a malformed authority component in request URIs passed to the library as a java.net.URI object and pick the wrong target host for request execution. Can you please upgrade HttpClient to 4.5.13 at https://github.com/Ecwid/consul-api/blob/master/build.gradle#L15 ? Also, as a compile dependency, please upgrade HttpCore to 4.4.13 at https://github.com/Ecwid/consul-api/blob/master/build.gradle#L14.

zwscn2014 avatar Jan 26 '21 02:01 zwscn2014
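
A dependency check for the fixed versions named in the issue above, as an added example that is not part of the original thread or the consul-api project. The `httpclient5` coordinates for the 5.x line and the sample Gradle text are assumptions; only literal `group:name:version` strings are checked, so versions set through variables or dynamic selectors are not resolved.

```python
import re

# Fixed versions named in the issue: HttpClient 4.5.13 (4.x) and 5.0.3 (5.x).
# The 5.x Maven coordinates are an assumption; the page does not list them.
FIXED = {
    ("org.apache.httpcomponents", "httpclient"): (4, 5, 13),
    ("org.apache.httpcomponents.client5", "httpclient5"): (5, 0, 3),
}

# Gradle string-notation coordinates: 'group:name:version' with a literal,
# digit-led version (variables and dynamic versions are skipped).
COORD = re.compile(r"""['"]([\w.\-]+):([\w.\-]+):(\d[\w.\-]*)['"]""")


def version_key(version):
    """Sortable key; a qualifier such as -beta1 sorts before the plain release."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)", version)
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))
    return tuple(nums[:3]), 0 if m.group(2) else 1


def find_vulnerable(gradle_text):
    """Return (line_no, artifact, version, fixed) for HttpClient below its fixed version."""
    findings = []
    for line_no, line in enumerate(gradle_text.splitlines(), start=1):
        if line.strip().startswith("//"):  # ignore commented-out dependencies
            continue
        for group, name, version in COORD.findall(line):
            fixed = FIXED.get((group, name))
            if fixed and version_key(version) < (fixed, 1):
                findings.append((line_no, f"{group}:{name}", version, ".".join(map(str, fixed))))
    return findings


# Constructed sample, not the project's real build.gradle.
SAMPLE = """\
dependencies {
    compile 'com.google.code.gson:gson:2.8.5'
    compile 'org.apache.httpcomponents:httpcore:4.4.9'
    compile 'org.apache.httpcomponents:httpclient:4.5.5'
    // compile 'org.apache.httpcomponents:httpclient:4.3'
    testCompile "org.apache.httpcomponents.client5:httpclient5:5.0.3"
}
"""

if __name__ == "__main__":
    for line_no, artifact, version, fixed in find_vulnerable(SAMPLE):
        print(f"line {line_no}: {artifact} {version} < {fixed} (CVE-2020-13956)")
```

This only inspects declared dependencies; a transitive HttpClient pulled in by another library still needs a resolved dependency report to confirm.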

Is there an ETA on this?

anton-zen avatar Feb 24 '22 06:02 anton-zen

There's an existing PR https://github.com/Ecwid/consul-api/pull/221

anton-zen avatar Mar 04 '22 00:03 anton-zen

Any chance of this getting merged and a new release built?

yeroc avatar Jul 26 '22 16:07 yeroc