osv-java-poc

OSV Scanner CVE Detection POC — Vulnerable Java App ⚠️ WA...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by an improper input validation due to Apache Commons HttpClient

Summary Apache Commons HttpClient is used by IBM Operations Analytics - Log Analysis as part of the standards-based Java library for executing HTTP requests. CVE-2012-6153, CVE-2012-5783. Vulnerability Details CVEID:CVE-2012-6153 DESCRIPTION: http/conn/ssl/AbstractVerifier.java in Apache Commons...

CVE-2022-26437

In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831; Issue ID: WSAP00103831...

EUVD-2020-7681

Malware in sbrugna...

EUVD-2020-7680

Malware in sbrugna...

EUVD-2022-30996

Malicious code in bioql PyPI...

K000151334: Apache HttpClient vulnerability CVE-2025-27820

Security Advisory Description A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release CVE-2025-27820 Impact There is no impact; F5 products are not...

Apache HttpClient Logic Error Vulnerability

Apache HttpClient is the United States Apache Apache Foundation of a Java written to access HTTP resources client program. The program is used to access network resources using the HTTP protocol. A logic error vulnerability exists in Apache HttpClient versions prior to 5.4.3, which stems from a P...

Security Bulletin: Due to the use of Apache HttpClient, IBM EntireX is vulnerable to security restrictions being bypassed (CVE-2020-13956).

Summary Due to the use of Apache HttpClient, IBM EntireX is vulnerable to security restrictions being bypassed CVE-2020-13956. Apache HttpClient has been removed from IBM EntireX in order to address the vulnerability. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could...

CVE-2024-51987

Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by AddUserAccessTokenHttpClient may use a different user's access token after a token refresh occurs. This occurs because a refreshed token will be captur...

The vulnerability of the Apache HttpClient library, a component of Apache HttpComponents, allows a hacker to replace SSL servers.

The vulnerability of the Apache HttpClient library in Apache HttpComponents relates to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to replace SSL servers using a specially crafted certificate...

USN-5239-1: HttpClient vulnerability

It was discovered that HttpClient mishandled certain input. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code...

USN-5239-1 httpcomponents-client vulnerability

It was discovered that HttpClient mishandled certain input. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code...

CVE-2022-26437

In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831; Issue ID: WSAP00103831...

CentOS 8 : maven:3.5 (CESA-2022:1861)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2022:1861 advisory. - apache-httpclient: incorrect handling of malformed authority component in request URIs CVE-2020-13956 Note that Nessus has not tested for this issue but has...

GHSA-HWVM-VFW8-93MW Vulnerable dependency in XTDB connector

Impact The impacted portion of the XTDB connector is its connectivity to S3 as a backing store: this is the only portion of the connector that uses this vulnerable httpclient dependency. Per the description, the vulnerability regards URIs that may be misinterpreted, which given the area of impact...

ae.vigilancer.android-run-app:ae.vigilancer.android-run-app.gradle.plugin (>=1.0.1 <=1.0.2), agorapulse.plugins.asset-pipeline-cdn:agorapulse.plugins.asset-pipeline-cdn.gradle.plugin (>=0.1 <=0.1.3) +16694 more potentially affected by CVE-2015-5262 via org.apache.httpcomponents:httpclient (>=4.0 <=4.3.5)

org.apache.httpcomponents:httpclient MAVEN version =4.0, =1.0.1, =0.1, =1.4.6, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =0.13.0, =0.13.0, =0.13.0, =0.12.0, =0.13.0, =0.12.0, =0.16.0 and more Source cves: CVE-2015-5262 Source advisory: OSV:GHSA-FMJ5-WV96-R2CH...

ae.vigilancer.android-run-app:ae.vigilancer.android-run-app.gradle.plugin (>=1.0.1 <=1.0.2), agorapulse.plugins.asset-pipeline-cdn:agorapulse.plugins.asset-pipeline-cdn.gradle.plugin (>=0.1 <=0.1.3) +15759 more potentially affected by CVE-2014-3577 via org.apache.httpcomponents:httpclient (>=4.0 <=4.3.4)

org.apache.httpcomponents:httpclient MAVEN version =4.0, =1.0.1, =0.1, =1.4.6, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =0.13.0, =0.13.0, =0.13.0, =0.12.0, =0.13.0, =0.12.0, =0.16.0 and more Source cves: CVE-2014-3577 Source advisory: OSV:GHSA-CFH5-3GHH-WFJX...