CVE-2020-13956

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-13956

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13956.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-13956

Aliases

GHSA-7r82-7xv7-xcpj

Downstream

DEBIAN-CVE-2020-13956

DLA-2405-1

DSA-4772-1

MINI-96gq-v32h-ccjh

RHSA-2021:0246

RHSA-2021:0247

RHSA-2021:0248

RHSA-2022:0722

RHSA-2022:1860

RHSA-2022:1861

SUSE-SU-2024:4036-1

UBUNTU-CVE-2020-13956

USN-5239-1

openSUSE-SU-2024:10687-1

openSUSE-SU-2024:14478-1

Related

Published

2020-12-02T17:15:14Z

Modified

2025-10-23T03:34:32Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

References

Affected packages

Git / github.com/apache/httpcomponents-client

Affected ranges

Type: GIT
Repo: https://github.com/apache/httpcomponents-client
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

dd76cf91c8f9125c7e0e29770622271f9417b46d

Git / github.com/apache/httpcomponents-client

Affected ranges

Type: GIT
Repo: https://github.com/quarkusio/quarkus
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0d3bd38a509e1a0423e41bfd974ca4924e5a7835