pkg:maven/org.apache.httpcomponents/httpclient
Type
maven
Namespace
org.apache.httpcomponents
Name
httpclient
Known advisories, vulnerabilities and fixes for org.apache.httpcomponents/httpclient package.
Critical
1
High
1
Moderate
5
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | < 4.2.3 |
CVE-2012-6153
|
MAVEN:GHSA-2X83-R56G-CV47 | Improper certificate validation in org.apache.httpcomponents:httpclient | high |
2018-10-17T00:05:15
(6 years ago) |
|
Fixed | = 4.2.3 |
CVE-2012-6153
|
MAVEN:GHSA-2X83-R56G-CV47 | Improper certificate validation in org.apache.httpcomponents:httpclient | high |
2018-10-17T00:05:15
(6 years ago) |
|
Affected | >= 3.0, < 4.0 |
CVE-2012-5783
|
MAVEN:GHSA-3832-9276-X7GF | Improper Certificate Validation in apache HttpClient | moderate |
2022-05-13T01:10:34
(2 years ago) |
|
Fixed | = 4.0 |
CVE-2012-5783
|
MAVEN:GHSA-3832-9276-X7GF | Improper Certificate Validation in apache HttpClient | moderate |
2022-05-13T01:10:34
(2 years ago) |
|
Affected | >= 5.0.0, < 5.0.3 < 4.5.13 |
CVE-2020-13956
|
MAVEN:GHSA-7R82-7XV7-XCPJ | Cross-site scripting in Apache HttpClient | moderate |
2021-06-03T23:40:23
(3 years ago) |
|
Fixed | = 5.0.3 = 4.5.13 |
CVE-2020-13956
|
MAVEN:GHSA-7R82-7XV7-XCPJ | Cross-site scripting in Apache HttpClient | moderate |
2021-06-03T23:40:23
(3 years ago) |
|
Affected | < 4.3.5 |
CVE-2014-3577
|
MAVEN:GHSA-CFH5-3GHH-WFJX | Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient | moderate |
2018-10-17T00:05:06
(6 years ago) |
|
Fixed | = 4.3.5 |
CVE-2014-3577
|
MAVEN:GHSA-CFH5-3GHH-WFJX | Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient | moderate |
2018-10-17T00:05:06
(6 years ago) |
|
Affected | < 4.3.6 |
CVE-2015-5262
|
MAVEN:GHSA-FMJ5-WV96-R2CH | Denial of service vulnerability in org.apache.httpcomponents:httpclient | moderate |
2018-10-17T00:05:29
(6 years ago) |
|
Fixed | = 4.3.6 |
CVE-2015-5262
|
MAVEN:GHSA-FMJ5-WV96-R2CH | Denial of service vulnerability in org.apache.httpcomponents:httpclient | moderate |
2018-10-17T00:05:29
(6 years ago) |
|
Affected | >= 4.0.0, < 4.1.1 |
CVE-2011-1498
|
MAVEN:GHSA-GW85-4GMF-M7RH | Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient | moderate |
2022-05-17T05:39:03
(2 years ago) |
|
Fixed | = 4.1.1 |
CVE-2011-1498
|
MAVEN:GHSA-GW85-4GMF-M7RH | Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient | moderate |
2022-05-17T05:39:03
(2 years ago) |
|
Affected | >= 4.3, < 4.3.1 |
CVE-2013-4366
|
MAVEN:GHSA-PQWH-44JJ-P5RM | Hostname verification in Apache HttpClient 4.3 was disabled by default | critical |
2022-05-13T01:25:03
(2 years ago) |
|
Fixed | = 4.3.1 |
CVE-2013-4366
|
MAVEN:GHSA-PQWH-44JJ-P5RM | Hostname verification in Apache HttpClient 4.3 was disabled by default | critical |
2022-05-13T01:25:03
(2 years ago) |