You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@solr.apache.org by "Xiaobin Dai (Jira)" <ji...@apache.org> on 2021/03/16 14:11:00 UTC

[jira] [Created] (SOLR-15270) upgrade httpclient to address CVE-2020-13956

Xiaobin Dai created SOLR-15270:
----------------------------------

             Summary: upgrade httpclient to address CVE-2020-13956
                 Key: SOLR-15270
                 URL: https://issues.apache.org/jira/browse/SOLR-15270
             Project: Solr
          Issue Type: Task
      Security Level: Public (Default Security Level. Issues are Public)
          Components: security
    Affects Versions: 8.8.1
            Reporter: Xiaobin Dai


According to CVE-2020-13956 [https://nvd.nist.gov/vuln/detail/CVE-2020-13956]
{code:java}
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can
misinterpret malformed authority component in request URIs passed to
the library as java.net.URI object and pick the wrong target host for
request execution.
{code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)