Dependency org.apache.httpcomponents:httpclient, leading to CVE problem #1522

Open
CVEDetect opened this issue Oct 12, 2022 · 0 comments

Hi, in /designer/report-designer-extension-pentaho, there is a dependency org.apache.httpcomponents:httpclient:4.5.9 that calls the risk method.

CVE-2020-13956

The affected version range for this CVE is [,4.5.13)

After further analysis, in this project, the main API called is org.apache.http.client.utils.URIUtils: extractHost(java.net.URI)Lorg.apache.http.HttpHost

Risk method repair link: GitHub

CVE Bug Invocation Path--

Path Length : 5

```
org.pentaho.reporting.designer.core.versionchecker.VersionCheckerUtility$VersionCheckerRunnable: run()V /.m2/repository/org/pentaho/commons-xul-swing/9.4.0.0-SNAPSHOT/commons-xul-swing-9.4.0.0-SNAPSHOT.jar
org.pentaho.versionchecker.VersionChecker: performCheck(boolean)V  /.m2/repository/org/pentaho/commons-xul-swing/9.4.0.0-SNAPSHOT/commons-xul-swing-9.4.0.0-SNAPSHOT.jar
org.apache.http.impl.client.DecompressingHttpClient: execute(org.apache.http.client.methods.HttpUriRequest)Lorg.apache.http.HttpResponse; /.m2/repository/org/pentaho/commons-xul-swing/9.4.0.0-SNAPSHOT/commons-xul-swing-9.4.0.0-SNAPSHOT.jar
org.apache.http.impl.client.DecompressingHttpClient: getHttpHost(org.apache.http.client.methods.HttpUriRequest)Lorg.apache.http.HttpHost; /.m2/repository/org/pentaho/commons-xul-swing/9.4.0.0-SNAPSHOT/commons-xul-swing-9.4.0.0-SNAPSHOT.jar
org.apache.http.client.utils.URIUtils: extractHost(java.net.URI)Lorg.apache.http.HttpHost;
```

Dependency tree--

[INFO] org.pentaho.reporting.designer:ext-pentaho:jar:9.4.0.0-SNAPSHOT
[INFO] +- org.pentaho.reporting.designer:report-designer:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  +- org.pentaho.reporting.library:configuration-editor:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  +- org.pentaho.reporting.library:libformula-ui:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  +- org.pentaho.reporting.library:libswing:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  +- org.pentaho.reporting.engine:classic-core:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  +- org.pentaho.reporting.engine:classic-extensions:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  |  +- org.pentaho.reporting.library:libsparkline:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  |  +- barbecue:barbecue:jar:1.5-beta1:compile
[INFO] |  |  +- net.sf.barcode4j:barcode4j:jar:2.0:compile
[INFO] |  |  +- avalon-framework:avalon-framework:jar:4.1.5:compile
[INFO] |  |  +- commons-pool:commons-pool:jar:1.5.7:compile
[INFO] |  |  +- commons-dbcp:commons-dbcp:jar:1.4:compile
[INFO] |  |  \- com.sun.mail:javax.mail:jar:1.6.1:compile
[INFO] |  +- org.pentaho.reporting.engine:classic-extensions-scripting:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  +- org.pentaho.reporting.engine:classic-extensions-reportdesigner-parser:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  |  +- org.pentaho.reporting.engine:classic-extensions-xpath:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  |  +- org.pentaho.reporting.engine:classic-extensions-mondrian:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  |  |  +- pentaho:mondrian:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  |  |  |  +- commons-collections:commons-collections:jar:3.2.2:compile
[INFO] |  |  |  |  +- commons-lang:commons-lang:jar:2.6:compile
[INFO] |  |  |  |  +- org.apache.logging.log4j:log4j-core:jar:2.17.1:compile
[INFO] |  |  |  |  |  \- org.apache.logging.log4j:log4j-api:jar:2.17.1:compile
[INFO] |  |  |  |  +- commons-math:commons-math:jar:1.1:compile
[INFO] |  |  |  |  +- javax.validation:validation-api:jar:1.0.0.GA:compile
[INFO] |  |  |  |  +- eigenbase:eigenbase-properties:jar:1.1.2:compile
[INFO] |  |  |  |  +- eigenbase:eigenbase-resgen:jar:1.3.1:compile
[INFO] |  |  |  |  +- org.olap4j:olap4j:jar:1.2.0:compile
[INFO] |  |  |  |  +- org.olap4j:olap4j-xmla:jar:1.2.0:compile
[INFO] |  |  |  |  +- xerces:xercesImpl:jar:2.12.0:compile
[INFO] |  |  |  |  +- javacup:javacup:jar:10k:compile
[INFO] |  |  |  |  \- net.java.dev.javacc:javacc:jar:5.0:compile
[INFO] |  |  |  +- eigenbase:eigenbase-xom:jar:1.3.5:compile
[INFO] |  |  |  \- commons-io:commons-io:jar:2.11.0:compile
[INFO] |  |  +- org.pentaho.reporting.engine:classic-extensions-pmd:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  |  |  +- org.pentaho:pentaho-metadata:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  |  |  |  +- joda-time:joda-time:jar:2.10.2:compile
[INFO] |  |  |  |  +- com.thoughtworks.xstream:xstream:jar:1.4.17:compile
[INFO] |  |  |  |  |  \- io.github.x-stream:mxparser:jar:1.2.1:compile
[INFO] |  |  |  |  |     \- xmlpull:xmlpull:jar:1.1.3.1:compile
[INFO] |  |  |  |  +- org.netbeans:jmi:jar:200507110943:compile
[INFO] |  |  |  |  +- org.netbeans:mdrapi:jar:200507110943:compile
[INFO] |  |  |  |  +- org.netbeans:mof:jar:200507110943:compile
[INFO] |  |  |  |  +- org.netbeans:nbmdr:jar:200507110943-custom:compile
[INFO] |  |  |  |  +- pentaho:pentaho-connections:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  |  |  |  +- pentaho-kettle:kettle-core:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  |  |  |  |  +- jug-lgpl:jug-lgpl:jar:2.0.0:compile
[INFO] |  |  |  |  |  +- com.jcraft:jzlib:jar:1.0.7:compile
[INFO] |  |  |  |  |  +- ognl:ognl:jar:2.6.9:compile
[INFO] |  |  |  |  |  +- net.sf.scannotation:scannotation:jar:1.0.2:compile
[INFO] |  |  |  |  |  +- com.wcohen:com.wcohen.secondstring:jar:0.1:compile
[INFO] |  |  |  |  |  +- org.javassist:javassist:jar:3.20.0-GA:compile
[INFO] |  |  |  |  |  +- org.samba.jcifs:jcifs:jar:1.3.3:compile
[INFO] |  |  |  |  |  +- org.springframework:spring-expression:jar:5.3.3:compile
[INFO] |  |  |  |  |  |  \- org.springframework:spring-core:jar:5.3.3:compile
[INFO] |  |  |  |  |  +- org.apache.tomcat:tomcat-jdbc:jar:8.5.27:compile
[INFO] |  |  |  |  |  |  \- org.apache.tomcat:tomcat-juli:jar:8.5.27:compile
[INFO] |  |  |  |  |  \- org.pentaho:pentaho-encryption-support:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  |  |  |  \- pentaho:pentaho-cwm:jar:1.5.4:compile
[INFO] |  |  |  |     +- org.netbeans:jmiutils:jar:200507110943:compile
[INFO] |  |  |  |     \- org.netbeans:openide-util:jar:200507110943:compile
[INFO] |  |  |  \- pentaho-kettle:kettle-engine:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  |  |     +- org.pentaho:pdi-engine-api:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  |  |     |  +- javax.websocket:javax.websocket-api:jar:1.0:compile
[INFO] |  |  |     |  \- org.reactivestreams:reactive-streams:jar:1.0.0:compile
[INFO] |  |  |     +- org.pentaho:pentaho-registry:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  |  |     +- pentaho:metastore:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  |  |     +- commons-beanutils:commons-beanutils:jar:1.9.3:compile
[INFO] |  |  |     +- org.owasp.encoder:encoder:jar:1.2:compile
[INFO] |  |  |     +- commons-validator:commons-validator:jar:1.3.1:compile
[INFO] |  |  |     +- com.enterprisedt:edtftpj:jar:2.1.0:compile
[INFO] |  |  |     +- com.googlecode.jsendnsca:jsendnsca:jar:2.0.1:compile
[INFO] |  |  |     +- feed4j:feed4j:jar:1.0:compile
[INFO] |  |  |     +- ftp4che:ftp4che:jar:0.7.1:compile
[INFO] |  |  |     +- georss-rome:georss-rome:jar:0.9.8:compile
[INFO] |  |  |     +- org.ini4j:ini4j:jar:0.5.1:compile
[INFO] |  |  |     +- org.codehaus.janino:commons-compiler:jar:3.0.8:compile
[INFO] |  |  |     +- org.codehaus.janino:janino:jar:3.0.8:compile
[INFO] |  |  |     +- javadbf:javadbf:jar:20081125:compile
[INFO] |  |  |     +- com.googlecode.json-simple:json-simple:jar:1.1:compile
[INFO] |  |  |     +- jsonpath:jsonpath:jar:1.0:compile
[INFO] |  |  |     +- com.sun.jersey.contribs:jersey-apache-client4:jar:1.19.1:compile
[INFO] |  |  |     +- com.sun.jersey:jersey-bundle:jar:1.19.1:compile
[INFO] |  |  |     +- jexcelapi:jxl:jar:2.6.12:compile
[INFO] |  |  |     +- ldapjdk:ldapjdk:jar:20000524:compile
[INFO] |  |  |     +- org.odftoolkit:odfdom-java:jar:0.8.6:compile
[INFO] |  |  |     +- org.postgresql:postgresql:jar:42.2.23:compile
[INFO] |  |  |     +- rome:rome:jar:1.0:compile
[INFO] |  |  |     +- org.eobjects.sassyreader:SassyReader:jar:0.5:compile
[INFO] |  |  |     +- net.sf.saxon:saxon:jar:9.1.0.8:compile
[INFO] |  |  |     +- net.sf.saxon:saxon-dom:jar:9.1.0.8:compile
[INFO] |  |  |     +- org.yaml:snakeyaml:jar:1.7:compile
[INFO] |  |  |     +- org.snmp4j:snmp4j:jar:1.9.3d:compile
[INFO] |  |  |     +- org.syslog4j:syslog4j:jar:0.9.46:compile
[INFO] |  |  |     +- trilead-ssh2:trilead-ssh2:jar:build213:compile
[INFO] |  |  |     +- javax.xml:jaxrpc-api:jar:1.1:compile
[INFO] |  |  |     +- wsdl4j:wsdl4j:jar:1.6.2:compile
[INFO] |  |  |     +- wsdl4j:wsdl4j-qname:jar:1.6.1:compile
[INFO] |  |  |     +- com.fasterxml.jackson.core:jackson-core:jar:2.9.10:compile
[INFO] |  |  |     +- com.fasterxml.jackson.core:jackson-annotations:jar:2.9.10:compile
[INFO] |  |  |     +- com.fasterxml.jackson.core:jackson-databind:jar:2.9.10.2:compile
[INFO] |  |  |     +- org.hibernate:hibernate-core:jar:3.6.9.Final:compile
[INFO] |  |  |     +- org.hibernate:hibernate-c3p0:jar:3.6.9.Final:compile
[INFO] |  |  |     +- org.hibernate:hibernate-commons-annotations:jar:3.2.0.Final:compile
[INFO] |  |  |     +- org.hibernate:hibernate-ehcache:jar:3.6.9.Final:compile
[INFO] |  |  |     +- cglib:cglib-nodep:jar:2.2:compile
[INFO] |  |  |     +- net.sourceforge.nekohtml:nekohtml:jar:1.9.15:compile
[INFO] |  |  |     +- org.mnode.mstor:mstor:jar:0.9.13:compile
[INFO] |  |  |     +- org.xerial.snappy:snappy-java:jar:1.1.0:compile
[INFO] |  |  |     +- commons-cli:commons-cli:jar:1.2:compile
[INFO] |  |  |     +- org.eclipse.jetty:jetty-jaas:jar:9.4.18.v20190429:compile
[INFO] |  |  |     +- org.eclipse.jetty:jetty-server:jar:9.4.18.v20190429:compile
[INFO] |  |  |     |  +- javax.servlet:javax.servlet-api:jar:3.1.0:compile
[INFO] |  |  |     |  +- org.eclipse.jetty:jetty-http:jar:9.4.18.v20190429:compile
[INFO] |  |  |     |  \- org.eclipse.jetty:jetty-io:jar:9.4.18.v20190429:compile
[INFO] |  |  |     +- org.eclipse.jetty:jetty-security:jar:9.4.18.v20190429:compile
[INFO] |  |  |     +- org.eclipse.jetty:jetty-servlet:jar:9.4.18.v20190429:compile
[INFO] |  |  |     +- org.eclipse.jetty:jetty-util:jar:9.4.18.v20190429:compile
[INFO] |  |  |     +- org.eclipse.jetty:jetty-xml:jar:9.4.18.v20190429:compile
[INFO] |  |  |     +- org.eclipse.jetty:jetty-webapp:jar:9.4.18.v20190429:compile
[INFO] |  |  |     +- com.googlecode.log4jdbc:log4jdbc:jar:1.2:compile
[INFO] |  |  |     +- com.cronutils:cron-utils:jar:9.1.6:compile
[INFO] |  |  |     |  \- org.glassfish:javax.el:jar:3.0.0:compile
[INFO] |  |  |     +- com.sun.xml.bind:jaxb-impl:jar:2.3.3:runtime
[INFO] |  |  |     \- io.reactivex.rxjava2:rxjava:jar:2.2.3:compile
[INFO] |  |  \- org.pentaho.reporting.engine:legacy-charts:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  |     +- jfree:jfreechart:jar:1.0.13:compile
[INFO] |  |     \- jfree:jcommon:jar:1.0.16:compile
[INFO] |  +- org.pentaho.reporting.engine:classic-extensions-drill-down:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  +- pentaho:pentaho-versionchecker:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  |  \- org.safehaus.jug:jug-lgpl:jar:2.0.0:compile
[INFO] |  +- org.pentaho:commons-xul-swing:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  |  \- org.pentaho:commons-xul-core:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  +- org.fife.ui:rsyntaxtextarea:jar:1.3.2:compile
[INFO] |  +- org.swinglabs:swingx:jar:1.6.1:compile
[INFO] |  |  +- com.jhlabs:filters:jar:2.0.235:compile
[INFO] |  |  \- org.swinglabs:swing-worker:jar:1.1:compile
[INFO] |  +- com.typesafe.akka:akka-actor_2.10:jar:2.3.3:compile
[INFO] |  |  +- org.scala-lang:scala-library:jar:2.10.4:compile
[INFO] |  |  \- com.typesafe:config:jar:1.2.1:compile
[INFO] |  +- com.google.guava:guava:jar:17.0:compile
[INFO] |  \- org.dom4j:dom4j:jar:2.1.1:compile
[INFO] +- org.pentaho.reporting.library:libpensol:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  +- org.pentaho.reporting.library:libbase:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  +- org.apache.commons:commons-vfs2:jar:2.7.0:compile
[INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
[INFO] |  +- pentaho:pentaho-platform-repository:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  +- pentaho:pentaho-platform-extensions:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  +- pentaho:pentaho-platform-core:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  +- pentaho:pentaho-platform-api:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  +- javax.ws.rs:jsr311-api:jar:1.1.1:compile
[INFO] |  +- org.jvnet.mimepull:mimepull:jar:1.9.3:compile
[INFO] |  +- com.sun.jersey.contribs:jersey-multipart:jar:1.19.1:compile
[INFO] |  +- com.sun.jersey.contribs:jersey-apache-client:jar:1.19.1:compile
[INFO] |  +- com.sun.jersey:jersey-core:jar:1.19.1:compile
[INFO] |  +- com.sun.jersey:jersey-json:jar:1.19.1:compile
[INFO] |  +- com.sun.jersey.contribs:jersey-spring:jar:1.19.1:compile
[INFO] |  +- com.sun.jersey:jersey-client:jar:1.19.1:compile
[INFO] |  +- com.sun.jersey:jersey-server:jar:1.19.1:compile
[INFO] |  \- com.sun.jersey:jersey-servlet:jar:1.19.1:compile
[INFO] +- jaxen:jaxen:jar:1.1.6:compile
[INFO] +- jcifs:jcifs:jar:1.3.3:compile
[INFO] +- com.jcraft:jsch:jar:0.1.54:compile
[INFO] +- jakarta.xml.bind:jakarta.xml.bind-api:jar:2.3.3:compile
[INFO] |  \- jakarta.activation:jakarta.activation-api:jar:1.2.2:compile
[INFO] +- org.glassfish.jaxb:jaxb-runtime:jar:2.3.3:compile
[INFO] |  +- org.glassfish.jaxb:txw2:jar:2.3.3:compile
[INFO] |  +- com.sun.istack:istack-commons-runtime:jar:3.0.11:compile
[INFO] |  \- com.sun.activation:jakarta.activation:jar:1.2.2:compile
[INFO] +- junit:junit:jar:4.11:test
[INFO] +- org.hsqldb:hsqldb:jar:2.3.2:test
[INFO] +- pentaho:simple-jndi:jar:1.0.10:test
[INFO] +- xmlunit:xmlunit:jar:1.3:test
[INFO] +- org.pentaho.reporting.engine:classic-core:test-jar:tests:9.4.0.0-SNAPSHOT:test
[INFO] |  +- org.pentaho.reporting.library:libdocbundle:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  +- org.pentaho.reporting.library:libfonts:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  |  \- com.lowagie:itext:jar:2.1.7:compile
[INFO] |  +- org.pentaho.reporting.library:libformat:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  +- org.pentaho.reporting.library:libformula:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  +- org.pentaho.reporting.library:libloader:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  |  +- org.pentaho.reporting.library:libpixie:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  |  +- org.apache.xmlgraphics:batik-anim:jar:1.9.1:compile
[INFO] |  |  +- org.apache.xmlgraphics:batik-awt-util:jar:1.9.1:compile
[INFO] |  |  +- org.apache.xmlgraphics:batik-bridge:jar:1.9.1:compile
[INFO] |  |  +- org.apache.xmlgraphics:batik-css:jar:1.9.1:compile
[INFO] |  |  +- org.apache.xmlgraphics:batik-dom:jar:1.9.1:compile
[INFO] |  |  +- org.apache.xmlgraphics:batik-ext:jar:1.9.1:compile
[INFO] |  |  +- org.apache.xmlgraphics:batik-gui-util:jar:1.9.1:compile
[INFO] |  |  +- org.apache.xmlgraphics:batik-gvt:jar:1.9.1:compile
[INFO] |  |  +- org.apache.xmlgraphics:batik-parser:jar:1.9.1:compile
[INFO] |  |  +- org.apache.xmlgraphics:batik-script:jar:1.9.1:compile
[INFO] |  |  +- org.apache.xmlgraphics:batik-svg-dom:jar:1.9.1:compile
[INFO] |  |  +- org.apache.xmlgraphics:batik-util:jar:1.9.1:compile
[INFO] |  |  +- org.apache.xmlgraphics:batik-xml:jar:1.9.1:compile
[INFO] |  |  +- org.apache.xmlgraphics:batik-codec:jar:1.9.1:compile
[INFO] |  |  +- org.apache.xmlgraphics:batik-transcoder:jar:1.9.1:compile
[INFO] |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.9.1:compile
[INFO] |  |  +- org.apache.xmlgraphics:batik-i18n:jar:1.9.1:compile
[INFO] |  |  +- xml-apis:xml-apis-ext:jar:1.3.04:compile
[INFO] |  |  \- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.2:compile
[INFO] |  +- org.pentaho.reporting.library:librepository:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  +- org.pentaho.reporting.library:libserializer:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  +- org.pentaho.reporting.library:libxml:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  +- org.pentaho.reporting.library:flute:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  |  \- org.w3c.css:sac:jar:1.3:compile
[INFO] |  +- org.apache.poi:poi-ooxml-schemas:jar:4.1.1:compile
[INFO] |  +- org.apache.poi:poi-ooxml:jar:4.1.1:compile
[INFO] |  +- org.apache.poi:poi:jar:4.1.1:compile
[INFO] |  +- org.apache.commons:commons-collections4:jar:4.4:compile
[INFO] |  +- commons-codec:commons-codec:jar:1.15:provided
[INFO] |  +- org.apache.commons:commons-math3:jar:3.6.1:provided
[INFO] |  +- com.github.virtuald:curvesapi:jar:1.06:provided
[INFO] |  +- org.apache.commons:commons-compress:jar:1.20:provided
[INFO] |  +- org.apache.xmlbeans:xmlbeans:jar:3.1.0:compile
[INFO] |  +- org.pentaho:commons-database-model:jar:9.4.0.0-SNAPSHOT:compile
[INFO] |  +- bsf:bsf:jar:2.4.0:compile
[INFO] |  +- org.beanshell:bsh:jar:1.3.0:compile
[INFO] |  +- org.codehaus.groovy:groovy-all:jar:2.4.8:compile
[INFO] |  +- org.antlr:antlr-complete:jar:3.5.2:compile
[INFO] |  +- asm:asm:jar:3.2:compile
[INFO] |  +- com.lowagie:itext-rtf:jar:2.1.7:compile
[INFO] |  +- bouncycastle:bcmail-jdk14:jar:138:compile
[INFO] |  +- net.sf.ehcache:ehcache-core:jar:2.5.1:compile
[INFO] |  |  \- org.slf4j:slf4j-api:jar:1.7.12:compile
[INFO] |  \- rhino:js:jar:1.7R3:compile
[INFO] +- org.mockito:mockito-all:jar:1.10.19:test
[INFO] +- org.hamcrest:hamcrest-core:jar:1.3:test
[INFO] +- org.apache.httpcomponents:httpclient:jar:4.5.9:compile
[INFO] \- org.apache.httpcomponents:httpcore:jar:4.4.11:compile

Suggested solutions:

Update dependency version

Thank you very much.

CVEDetect added a commit to CVEDetect/pentaho-reporting that referenced this issue Oct 23, 2022
Fix issue pentaho#1522 by update dependency org.apache.httpcomponents:httpclient 4.5.13