WS-2017-3734 (Medium) detected in httpclient-4.5.2.jar

[mend-bolt-for-github[bot]]

WS-2017-3734 - Medium Severity Vulnerability

Vulnerable Library - httpclient-4.5.2.jar

Apache HttpComponents Client

Library home page: http://hc.apache.org/httpcomponents-client

Path to vulnerable library: /root/.gradle/caches/modules-2/files-2.1/org.apache.httpcomponents/httpclient/4.5.2/733db77aa8d9b2d68015189df76ab06304406e50/httpclient-4.5.2.jar,/root/.gradle/caches/modules-2/files-2.1/org.apache.httpcomponents/httpclient/4.5.2/733db77aa8d9b2d68015189df76ab06304406e50/httpclient-4.5.2.jar,le/caches/modules-2/files-2.1/org.apache.httpcomponents/httpclient/4.5.2/733db77aa8d9b2d68015189df76ab06304406e50/httpclient-4.5.2.jar

Dependency Hierarchy: - :x: **httpclient-4.5.2.jar** (Vulnerable Library)

Found in HEAD commit: 4057e364d8f0e9a2d440890a01e74a338ec8ffbd

Vulnerability Details

Apache httpclient before 4.5.3 are vulnerable to Directory Traversal. The user-provided path was able to override the specified host, resulting in giving network access to a sensitive environment.

Publish Date: 2019-05-30

URL: WS-2017-3734

CVSS 2 Score Details (5.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://issues.apache.org/jira/browse/HTTPCLIENT-1803

Release Date: 2019-05-30

Fix Resolution: org.apache.httpcomponents.core5:httpcore5:4.5.3

---

Step up your Open Source Security Game with WhiteSource here

[github-actions[bot]]

Stale issue message