CentOS Linux 8 Stream Repo installs a vulnerable version of maven 3.6.
A dependency in the Maven bundle is affected by a vulnerability (CVE-2020-13956)
- apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)
Vulnerable package installed : httpcomponents-client-4.5.5-5.module_el8.6.0+1030+8d97e896
Should be : httpcomponents-client-4.5.10-4.module_el8.6.0
Vulnerable package installed : maven-3.5.4-5.module_el8.6.0+1030+8d97e896
Should be : maven-3.6.2-7.module_el8.6.0
Vulnerable package installed : maven-lib-3.5.4-5.module_el8.6.0+1030+8d97e896
Should be : maven-lib-3.6.2-7.module_el8.6.0
CentOS Linux 8 Stream Repo installs a vulnerable version of maven 3.6. A dependency in the Maven bundle is affected by a vulnerability (CVE-2020-13956)
- apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)
Vulnerable package installed : httpcomponents-client-4.5.5-5.module_el8.6.0+1030+8d97e896 Should be : httpcomponents-client-4.5.10-4.module_el8.6.0
Vulnerable package installed : maven-3.5.4-5.module_el8.6.0+1030+8d97e896 Should be : maven-3.6.2-7.module_el8.6.0
Vulnerable package installed : maven-lib-3.5.4-5.module_el8.6.0+1030+8d97e896 Should be : maven-lib-3.6.2-7.module_el8.6.0