GHSA-pqwh-44jj-p5rm, CVE-2013-4366
maven/org.apache.httpcomponents/httpclient
Improper Input Validation
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.
All versions starting from 4.3 before 4.3.1
Upgrade to version 4.3.1 or above.
2022-06-10
source |