VYPR

Maven package

org.apache.httpcomponents.client5/httpclient5

pkg:maven/org.apache.httpcomponents.client5/httpclient5

Vulnerabilities (2)

  • CVE-2026-40542HigApr 22, 2026
    affected >= 5.6-alpha1, < 5.6.1fixed 5.6.1

    Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue.

  • CVE-2025-27820Apr 24, 2025
    affected >= 5.4-alpha1, < 5.4.3fixed 5.4.3

    A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release