Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2022-1860

Опубликовано: 17 мая 2022
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2022-1860: maven:3.6 security and enhancement update (MODERATE)

httpcomponents-client [4.5.10-4]

  • Fix incorrect handling of malformed authority component in request URIs
  • Resolves: CVE-2020-13956

maven [1:3.6.2-7]

  • Add maven-openjdk17
  • Resolves: rhbz#1991521

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

Module maven:3.6 is enabled

aopalliance

1.0-20.module+el8.6.0+20615+edd0bff8

apache-commons-cli

1.4-7.module+el8.6.0+20615+edd0bff8

apache-commons-codec

1.13-3.module+el8.6.0+20615+edd0bff8

apache-commons-io

2.6-6.module+el8.6.0+20615+edd0bff8

apache-commons-lang3

3.9-4.module+el8.6.0+20615+edd0bff8

atinject

1-31.20100611svn86.module+el8.6.0+20615+edd0bff8

cdi-api

2.0.1-3.module+el8.6.0+20615+edd0bff8

geronimo-annotation

1.0-26.module+el8.6.0+20615+edd0bff8

google-guice

4.2.2-4.module+el8.6.0+20615+edd0bff8

guava

28.1-3.module+el8.6.0+20615+edd0bff8

httpcomponents-client

4.5.10-4.module+el8.6.0+20615+edd0bff8

httpcomponents-core

4.4.12-3.module+el8.6.0+20615+edd0bff8

jansi

1.18-4.module+el8.6.0+20615+edd0bff8

jcl-over-slf4j

1.7.28-3.module+el8.6.0+20615+edd0bff8

jsoup

1.12.1-3.module+el8.6.0+20615+edd0bff8

jsr-305

0-0.25.20130910svn.module+el8.6.0+20615+edd0bff8

maven

3.6.2-7.module+el8.6.0+20615+edd0bff8

maven-lib

3.6.2-7.module+el8.6.0+20615+edd0bff8

maven-openjdk11

3.6.2-7.module+el8.6.0+20615+edd0bff8

maven-openjdk17

3.6.2-7.module+el8.6.0+20615+edd0bff8

maven-openjdk8

3.6.2-7.module+el8.6.0+20615+edd0bff8

maven-resolver

1.4.1-3.module+el8.6.0+20615+edd0bff8

maven-shared-utils

3.2.1-0.4.module+el8.6.0+20615+edd0bff8

maven-wagon

3.3.4-2.module+el8.6.0+20615+edd0bff8

plexus-cipher

1.7-17.module+el8.6.0+20615+edd0bff8

plexus-classworlds

2.6.0-4.module+el8.6.0+20615+edd0bff8

plexus-containers-component-annotations

2.1.0-2.module+el8.6.0+20615+edd0bff8

plexus-interpolation

1.26-3.module+el8.6.0+20615+edd0bff8

plexus-sec-dispatcher

1.4-29.module+el8.6.0+20615+edd0bff8

plexus-utils

3.3.0-3.module+el8.6.0+20615+edd0bff8

sisu

0.3.4-2.module+el8.6.0+20615+edd0bff8

slf4j

1.7.28-3.module+el8.6.0+20615+edd0bff8

Oracle Linux x86_64

Module maven:3.6 is enabled

aopalliance

1.0-20.module+el8.6.0+20615+edd0bff8

apache-commons-cli

1.4-7.module+el8.6.0+20615+edd0bff8

apache-commons-codec

1.13-3.module+el8.6.0+20615+edd0bff8

apache-commons-io

2.6-6.module+el8.6.0+20615+edd0bff8

apache-commons-lang3

3.9-4.module+el8.6.0+20615+edd0bff8

atinject

1-31.20100611svn86.module+el8.6.0+20615+edd0bff8

cdi-api

2.0.1-3.module+el8.6.0+20615+edd0bff8

geronimo-annotation

1.0-26.module+el8.6.0+20615+edd0bff8

google-guice

4.2.2-4.module+el8.6.0+20615+edd0bff8

guava

28.1-3.module+el8.6.0+20615+edd0bff8

httpcomponents-client

4.5.10-4.module+el8.6.0+20615+edd0bff8

httpcomponents-core

4.4.12-3.module+el8.6.0+20615+edd0bff8

jansi

1.18-4.module+el8.6.0+20615+edd0bff8

jcl-over-slf4j

1.7.28-3.module+el8.6.0+20615+edd0bff8

jsoup

1.12.1-3.module+el8.6.0+20615+edd0bff8

jsr-305

0-0.25.20130910svn.module+el8.6.0+20615+edd0bff8

maven

3.6.2-7.module+el8.6.0+20615+edd0bff8

maven-lib

3.6.2-7.module+el8.6.0+20615+edd0bff8

maven-openjdk11

3.6.2-7.module+el8.6.0+20615+edd0bff8

maven-openjdk17

3.6.2-7.module+el8.6.0+20615+edd0bff8

maven-openjdk8

3.6.2-7.module+el8.6.0+20615+edd0bff8

maven-resolver

1.4.1-3.module+el8.6.0+20615+edd0bff8

maven-shared-utils

3.2.1-0.4.module+el8.6.0+20615+edd0bff8

maven-wagon

3.3.4-2.module+el8.6.0+20615+edd0bff8

plexus-cipher

1.7-17.module+el8.6.0+20615+edd0bff8

plexus-classworlds

2.6.0-4.module+el8.6.0+20615+edd0bff8

plexus-containers-component-annotations

2.1.0-2.module+el8.6.0+20615+edd0bff8

plexus-interpolation

1.26-3.module+el8.6.0+20615+edd0bff8

plexus-sec-dispatcher

1.4-29.module+el8.6.0+20615+edd0bff8

plexus-utils

3.3.0-3.module+el8.6.0+20615+edd0bff8

sisu

0.3.4-2.module+el8.6.0+20615+edd0bff8

slf4j

1.7.28-3.module+el8.6.0+20615+edd0bff8

Связанные CVE

CVE-2020-13956

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2020-13956

CVSS3: 5.3
ubuntu
больше 4 лет назад

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

redhat логотип

CVE-2020-13956

CVSS3: 5.3
redhat
почти 5 лет назад

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

nvd логотип

CVE-2020-13956

CVSS3: 5.3
nvd
больше 4 лет назад

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

debian логотип

CVE-2020-13956

CVSS3: 5.3
debian
больше 4 лет назад

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misin ...

suse-cvrf логотип

SUSE-SU-2024:4036-1

suse-cvrf
9 месяцев назад

Security update for httpcomponents-client, httpcomponents-core