CentOS 8 : maven:3.6 (CESA-2022:1860) and (CVE-2020-13956)

CentOS Linux 8 Stream Repo installs a vulnerable version of maven 3.6.
A dependency in the Maven bundle is affected by a vulnerability  (CVE-2020-13956)

**- apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)**

Vulnerable package installed : httpcomponents-client-4.5.5-5.module_el8.6.0+1030+8d97e896
Should be                : httpcomponents-client-4.5.10-4.module_el8.6.0

Vulnerable package installed : maven-3.5.4-5.module_el8.6.0+1030+8d97e896
Should be                : maven-3.6.2-7.module_el8.6.0

Vulnerable package installed : maven-lib-3.5.4-5.module_el8.6.0+1030+8d97e896
Should be                : maven-lib-3.6.2-7.module_el8.6.0



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CentOS 8 : maven:3.6 (CESA-2022:1860) and (CVE-2020-13956) #423

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CentOS 8 : maven:3.6 (CESA-2022:1860) and (CVE-2020-13956) #423

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions