Apache HttpClient have known vulnerabilities
akunzai opened this issue · 0 comments
akunzai commented
Issue Summary
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
Technical details:
- java-http-client version: 4.3.6
- java version: 1.8