Hi. It's been reported at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13956 that Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
Can you please upgrade HttpClient to 4.5.13 at https://github.com/Ecwid/consul-api/blob/master/build.gradle#L15 ?
Also as a compile dependency, please upgrade HttpCore to 4.4.13 at https://github.com/Ecwid/consul-api/blob/master/build.gradle#L14.
Hi. It's been reported at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13956 that Apache HttpClient versions prior to version
4.5.13and5.0.3can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.Can you please upgrade HttpClient to
4.5.13at https://github.com/Ecwid/consul-api/blob/master/build.gradle#L15 ?Also as a compile dependency, please upgrade HttpCore to
4.4.13at https://github.com/Ecwid/consul-api/blob/master/build.gradle#L14.