Closed peterrinehart closed 3 weeks ago
Description: Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Build command:
mvn clean verify -B -e -Daudit -Djs.no.sandbox -pl extensions
:ok_hand: All tests passed!
Tests run: 1576, Failures: 0, Skipped: 5 Test Results
:information_source: This is an automatic message
Quality Gate passed
Issues
0 New issues
1 Fixed issue
0 Accepted issues
Measures
0 Security Hotspots
No data about Coverage
No data about Duplication
See analysis details on SonarQube