You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@solr.apache.org by "Xiaobin Dai (Jira)" <ji...@apache.org> on 2021/03/16 14:11:00 UTC
[jira] [Created] (SOLR-15270) upgrade httpclient to address
CVE-2020-13956
Xiaobin Dai created SOLR-15270:
----------------------------------
Summary: upgrade httpclient to address CVE-2020-13956
Key: SOLR-15270
URL: https://issues.apache.org/jira/browse/SOLR-15270
Project: Solr
Issue Type: Task
Security Level: Public (Default Security Level. Issues are Public)
Components: security
Affects Versions: 8.8.1
Reporter: Xiaobin Dai
According to CVE-2020-13956 [https://nvd.nist.gov/vuln/detail/CVE-2020-13956]
{code:java}
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can
misinterpret malformed authority component in request URIs passed to
the library as java.net.URI object and pick the wrong target host for
request execution.
{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)