This repository was archived by the owner on Dec 4, 2023. It is now read-only.

Update httpclient to avoid security vulnerability #842

@brandom-msft


Is your feature request related to a problem? Please describe.
Versions of Apache httpclient before 4.5.3 are vulnerable to Directory Traversal. The user-provided path was able to override the specified host, resulting in giving network access to a sensitive environment.

Describe the solution you'd like
Upgrade to version org.apache.httpcomponents:httpclient:4.5.3

Additional context
This was filed based on a component governance alert we received in ADO (#2785513). Please reach out to brianem or brandom @microsoft and we can link you directly.

https://issues.apache.org/jira/browse/HTTPCLIENT-1803
apache/httpcomponents-client@0554271
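
A way to check a build for the affected versions, added here as an example (it is not code from this repository or from Apache): it scans `mvn dependency:tree` output for `org.apache.httpcomponents:httpclient` below 4.5.3. The sample tree, the `com.example` coordinates and the function names are constructed for illustration; version qualifiers such as `-beta1` are ignored.

```python
import re

FIXED = (4, 5, 3)  # first fixed release named in this issue
COORD = re.compile(r"org\.apache\.httpcomponents:httpclient:(\S+)")

def parse_version(text):
    """Leading numeric components as a tuple, e.g. '4.5.2' -> (4, 5, 2)."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(0).split("."))
    return parts + (0,) * (3 - len(parts))  # pad '4.5' to (4, 5, 0)

def find_vulnerable(tree_output):
    """Return (line number, version) for each resolved httpclient below FIXED."""
    findings = []
    for lineno, line in enumerate(tree_output.splitlines(), 1):
        m = COORD.search(line)
        if not m:
            continue
        # Verbose trees wrap omitted duplicates in parentheses; those are not
        # on the classpath, so skip them.
        if line[m.start() - 1:m.start()] == "(":
            continue
        # Remaining fields are type[:classifier]:version:scope.
        fields = m.group(1).split(":")
        if len(fields) < 3:
            continue
        version = fields[-2]
        parsed = parse_version(version)
        # Compare numerically: as strings, "4.5.13" sorts before "4.5.3".
        if parsed is not None and parsed < FIXED:
            findings.append((lineno, version))
    return findings

# Constructed sample, as if concatenated from several modules of one build.
SAMPLE = r"""[INFO] com.example:bot-sample:jar:1.0.0
[INFO] +- org.apache.httpcomponents:httpclient:jar:4.5.2:compile
[INFO] |  \- org.apache.httpcomponents:httpcore:jar:4.4.4:compile
[INFO] +- com.example:legacy-sdk:jar:2.1.0:compile
[INFO] |  \- org.apache.httpcomponents:httpclient:jar:4.3.6:runtime
[INFO] \- com.example:tools:jar:0.9:test
[INFO]    \- org.apache.httpcomponents:httpclient:jar:tests:4.5.13:test"""

if __name__ == "__main__":
    for lineno, version in find_vulnerable(SAMPLE):
        print(f"line {lineno}: httpclient {version} is older than 4.5.3")
```

Transitive copies such as the one on line 5 of the sample are the usual reason an alert persists after the direct dependency has been bumped.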


Labels

Area: SDK (General SDK issues that don't clearly map to other areas, e.g.: helper methods)
P0 (Must Fix. Release-blocker)
technical-debt (Refactoring, follow best practices, improve test coverage, etc.)
