This vulnerability is potentially used
```
com.visualpathit.account.utils.ElasticsearchUtil (Application)
-> org.elasticsearch.transport.client.PreBuiltTransportClient (Extension)
-> org.elasticsearch.index.reindex.ReindexPlugin (Extension)
-> org.elasticsearch.index.reindex.TransportReindexAction (Extension)
-> org.elasticsearch.client.RestClient (Extension)
-> ❌ org.apache.http.client.utils.URIBuilder (Vulnerable Component)
```
Vulnerability Details
Apache httpclient before 4.5.3 are vulnerable to Directory Traversal. The user-provided path was able to override the specified host, resulting in giving network access to a sensitive environment.
:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
WS-2017-3734 - Medium Severity Vulnerability
HttpComponents Client
Path to dependency file: /pom.xml
Path to vulnerable library: /Users/alexmaybaum/.m2/repository/org/apache/httpcomponents/httpclient/4.3.6/httpclient-4.3.6.jar
Dependency Hierarchy: - spring-rabbit-1.7.1.RELEASE.jar (Root Library) - http-client-1.1.1.RELEASE.jar - :x: **httpclient-4.3.6.jar** (Vulnerable Library)
Found in HEAD commit: 9c6901108cf0138889fa46846fabfcb78828d070
Found in base branch: vp-rem
Reachability Analysis(Reachable)
This vulnerability is potentially used ``` com.visualpathit.account.utils.ElasticsearchUtil (Application) -> org.elasticsearch.transport.client.PreBuiltTransportClient (Extension) -> org.elasticsearch.index.reindex.ReindexPlugin (Extension) -> org.elasticsearch.index.reindex.TransportReindexAction (Extension) -> org.elasticsearch.client.RestClient (Extension) -> ❌ org.apache.http.client.utils.URIBuilder (Vulnerable Component) ```
Apache httpclient before 4.5.3 are vulnerable to Directory Traversal. The user-provided path was able to override the specified host, resulting in giving network access to a sensitive environment.
Publish Date: 2017-01-21
URL: WS-2017-3734
Base Score Metrics not available
Type: Upgrade version
Origin: https://issues.apache.org/jira/browse/HTTPCLIENT-1803
Release Date: 2017-01-21
Fix Resolution: org.apache.httpcomponents:httpclient:4.5.3