VYPR
Moderate severityOSV Advisory· Published Dec 2, 2020· Updated Dec 1, 2025

CVE-2020-13956

CVE-2020-13956

Description

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.httpcomponents:httpclientMaven
< 4.5.134.5.13
org.apache.httpcomponents:httpclientMaven
>= 5.0.0, < 5.0.35.0.3

Affected products

201

Patches

Vulnerability mechanics

References

122

News mentions

0

No linked articles in our index yet.