Security vulnerabilities in google-http-client-1.38.0 #1207
Assignees
Labels
triage me
I really want to be triaged.
Comments
|
The OpenCensus report is invalid. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
[INFO] - com.google.http-client:google-http-client:jar:1.38.0:runtime
[INFO] - io.opencensus:opencensus-api:jar:0.24.0:runtime
[INFO] - io.grpc:grpc-context:jar:1.22.1:runtime
Please update OpenCensus to a newer version:
Filename: grpc-context-1.22.1.jar | Highest CVSS Score: 7.5 | Amount of CVSS: 1 | References: CVE-2020-7768 (7.5)
[INFO] - com.google.guava:guava:jar:30.0-android:runtime
[INFO] +- com.google.guava:failureaccess:jar:1.0.1:runtime
[INFO] - com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:runtime
Please update Guava to a newer version:
Filename: failureaccess-1.0.1.jar | Highest CVSS Score: 3.3 | Amount of CVSS: 1 | References: CVE-2020-8908 (3.3)
Please look into this:
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
Filename: google-http-client-1.38.0.jar | Highest CVSS Score: 5.3 | Amount of CVSS: 1 | References: CVE-2020-13956 (5.3)
The text was updated successfully, but these errors were encountered: