Dependency org.apache.httpcomponents:httpclient, leading to CVE problem #1208
Labels: CVE (Common Vulnerabilities and Exposures); dependencies (Pull requests that update a dependency (library))
Hi, in deegree3-deegree/deegree-core/deegree-core-commons, there is a dependency org.apache.httpcomponents:httpclient:4.3.6 that calls the risk method.
CVE-2020-13956
The affected version range of this CVE is [,4.5.13)
After further analysis, in this project, the main API called is <org.apache.http.client.utils.URIUtils: org.apache.http.HttpHost extractHost(java.net.URI)>
Risk method repair link: GitHub
CVE Bug Invocation Path--
Path Length : 5
Dependency tree--
Suggested solutions:
Update dependency version
Thank you very much.