VYPR
High severityNVD Advisory· Published Apr 24, 2025· Updated Jun 4, 2025

Apache HttpComponents: PSL (Public Suffix List) validation bypass

CVE-2025-27820

Description

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.httpcomponents.client5:httpclient5Maven
>= 5.4-alpha1, < 5.4.35.4.3

Affected products

88

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.