You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The scope of this CVE affected version is [,4.5.13)
After further analysis, in this project, the main Api called is <org.apache.http.client.utils.URIUtils: org.apache.http.HttpHost extractHost(java.net.URI)>
<org.apache.http.client.utils.URIUtils: org.apache.http.HttpHost extractHost(java.net.URI)>
at <org.apache.http.impl.client.CloseableHttpClient: org.apache.http.HttpHost determineTarget(org.apache.http.client.methods.HttpUriRequest)> (org.apache.http.impl.client.CloseableHttpClient.java:[92]) in /home/wc/.m2/repository/org/apache/httpcomponents/httpclient/4.3/httpclient-4.3.jar
at <org.apache.http.impl.client.CloseableHttpClient: org.apache.http.client.methods.CloseableHttpResponse execute(org.apache.http.client.methods.HttpUriRequest,org.apache.http.protocol.HttpContext)> (org.apache.http.impl.client.CloseableHttpClient.java:[82]) in /home/wc/.m2/repository/org/apache/httpcomponents/httpclient/4.3/httpclient-4.3.jar
at <com.alibaba.dingtalk.openapi.demo.utils.HttpHelper: com.alibaba.fastjson.JSONObject httpPost(java.lang.String,java.lang.Object)> (com.alibaba.dingtalk.openapi.demo.utils.HttpHelper.java:[94]) in /home/wc/detect/unzip/openapi-demo-java-master/target/classes
Hi, In openapi-demo-java,there is a dependency org.apache.httpcomponents:httpclient:4.3 that calls the risk method.
CVE-2020-13956
The scope of this CVE affected version is [,4.5.13)
After further analysis, in this project, the main Api called is <org.apache.http.client.utils.URIUtils: org.apache.http.HttpHost extractHost(java.net.URI)>
Risk method repair link : GitHub
CVE Bug Invocation Path--
Path Length : 4
Dependency tree--
Suggested solutions:
Update dependency version to 4.5.13 or higher
Thank you very much.
The text was updated successfully, but these errors were encountered: