Vulnerabilities: 1 via 1 paths

Dependencies: 8

Source: GitHub

Commit: 03b38ea2

high severity

Improper Certificate Validation

  • Vulnerable module: org.apache.httpcomponents.client5:httpclient5
  • Introduced through: org.apache.httpcomponents.client5:httpclient5@5.4.2

Detailed paths

  • Introduced through: dwp/https-common-client-utility@dwp/https-common-client-utility#03b38ea22441df809d1b07b68047c5dd32130bd2 › org.apache.httpcomponents.client5:httpclient5@5.4.2
    Remediation: Upgrade to org.apache.httpcomponents.client5:httpclient5@5.4.3.

Overview

org.apache.httpcomponents.client5:httpclient5 is an HttpClient component of the Apache HttpComponents project.

Affected versions of this package are vulnerable to Improper Certificate Validation due to a bug in the validation logic of the Public Suffix List, which allows attackers to manipulate cookie management and host name verification, leading to unauthorized access or information disclosure.

Remediation

Upgrade org.apache.httpcomponents.client5:httpclient5 to version 5.4.3 or higher.