Posted to dev@hc.apache.org by "Oleg Kalnichevski (Jira)" <ji...@apache.org> on 2022/10/03 14:01:00 UTC

[jira] [Resolved] (HTTPCLIENT-2237) CWE-20 : httpclient-osgi-4.5.13.jar (shaded: commons-codec:commons-codec:1.11)

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-2237?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski resolved HTTPCLIENT-2237.
-------------------------------------------
    Resolution: Information Provided

> CWE-20 : httpclient-osgi-4.5.13.jar (shaded: commons-codec:commons-codec:1.11) 
> -------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-2237
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2237
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>    Affects Versions: 4.5.13
>            Reporter: Aravindhan
>            Priority: Major
>
> Currently our application is using httpclient-osgi-4.5.13.jar. Even when we upgraded the commons-codec jar to 1.14 as part of the compile-time dependency, we noticed that commons-codec version 1.11 is part of the httpclient-osgi fat jar. Hence the security vulnerability CWE-20 is flagged, and we noticed this is the latest available version in the Maven repo as well.
> Can you kindly help to provide a remediation for the above vulnerability at the earliest?


