Posted to dev@hc.apache.org by "Oleg Kalnichevski (Jira)" <ji...@apache.org> on 2022/10/03 14:01:00 UTC
[jira] [Resolved] (HTTPCLIENT-2237) CWE-20 : httpclient-osgi-4.5.13.jar (shaded: commons-codec:commons-codec:1.11)
[ https://issues.apache.org/jira/browse/HTTPCLIENT-2237?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Kalnichevski resolved HTTPCLIENT-2237.
-------------------------------------------
Resolution: Information Provided
> CWE-20 : httpclient-osgi-4.5.13.jar (shaded: commons-codec:commons-codec:1.11)
> -------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-2237
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2237
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Affects Versions: 4.5.13
> Reporter: Aravindhan
> Priority: Major
>
> Currently our application is using httpclient-osgi-4.5.13.jar. Even when we upgraded the commons-codec jar to 1.14 as part of the compile-time dependencies, we noticed that commons-codec version 1.11 is part of the httpclient-osgi fat jar. Hence the security vulnerability CWE-20 is flagged, and we noticed this is the latest available version as well in the Maven repo.
> Can you kindly help to provide a remediation for the above vulnerability at the earliest?
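The situation reported above, where a fat jar still carries an older copy of a library the build has already upgraded, can be checked by reading the Maven metadata packed inside the jar. The following is an added example, not part of the original message or of HttpClient; it assumes the bundle keeps META-INF/maven/<groupId>/<artifactId>/pom.properties entries for what it embeds, and the sample jar is constructed in memory.

```python
import io
import zipfile

def embedded_maven_artifacts(jar_bytes):
    """Return sorted (groupId, artifactId, version) tuples from the jar's Maven metadata."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if not (name.startswith("META-INF/maven/") and name.endswith("/pom.properties")):
                continue
            props = {}
            for line in jar.read(name).decode("utf-8", "replace").splitlines():
                line = line.strip()
                if line and not line.startswith("#") and "=" in line:
                    key, value = line.split("=", 1)
                    props[key.strip()] = value.strip()
            if all(k in props for k in ("groupId", "artifactId", "version")):
                found.add((props["groupId"], props["artifactId"], props["version"]))
    return sorted(found)

def version_key(version):
    # Numeric comparison of dotted versions; non-numeric parts count as 0.
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))

def stale_embedded(jar_bytes, resolved):
    """resolved maps (groupId, artifactId) to the version the build resolves.
    Returns embedded copies that are older than that version."""
    stale = []
    for group, artifact, version in embedded_maven_artifacts(jar_bytes):
        wanted = resolved.get((group, artifact))
        if wanted and version_key(version) < version_key(wanted):
            stale.append((group + ":" + artifact, version, wanted))
    return stale

def build_sample_jar():
    # Constructed stand-in for a fat jar; entry names are assumptions, not a real jar listing.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/maven/org.apache.httpcomponents/httpclient-osgi/pom.properties",
                     "groupId=org.apache.httpcomponents\nartifactId=httpclient-osgi\nversion=4.5.13\n")
        jar.writestr("META-INF/maven/commons-codec/commons-codec/pom.properties",
                     "#Generated by Maven\ngroupId=commons-codec\nartifactId=commons-codec\nversion=1.11\n")
        jar.writestr("org/apache/commons/codec/binary/Base64.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()

if __name__ == "__main__":
    resolved = {("commons-codec", "commons-codec"): "1.14"}
    for coords, embedded, wanted in stale_embedded(build_sample_jar(), resolved):
        print("%s: jar embeds %s, build resolves %s" % (coords, embedded, wanted))
```

To inspect a jar on disk, pass the result of open(path, "rb").read() to stale_embedded.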