907 matches found
EUVD-2022-6719
Malicious code in bioql PyPI...
EUVD-2022-3819
Malicious code in bioql PyPI...
EUVD-2022-15590
Malicious code in bioql PyPI...
Security Bulletin: SSL Certificate Hostname Verification Bypass in Apache Commons HttpClient 3.x Allowing MITM Attacks affects watsonx.data
Summary: Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows...
Security Bulletin: A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, which affects IBM watsonx.data
Summary: A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. These can affect watsonx.data. Vulnerability Details: CVEID: CVE-2025-27820. DESCRIPTION: A bug in PSL validation...
ROS-20250808-01
A vulnerability in the Apache HttpClient client module is related to insufficient input validation. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected data or gain access to modify, add, or delete protected data...
Atlassian Confluence 9.2.4 < 9.2.6 / 9.4.x < 9.5.2 (CONFSERVER-100164)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-100164 advisory. - A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discover...
Atlassian Jira Service Management Data Center and Server 5.12.23 < 5.12.24 / 10.3.x < 10.3.8 / 10.5.x < 10.7.2 (JSDSERVER-16269)
The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16269 advisory. - A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in httpclient5-5.4.2.jar
Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of httpclient5-5.4.2.jar. Vulnerability Details: CVEID: CVE-2025-27820. DESCRIPTION: A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification...
Third-Party Dependency in Bamboo Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 10.2.4 and 11.0.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N allows an unauthenticated...
MITM (Man-in-the-Middle) org.apache.httpcomponents.client5:httpclient5 Dependency in Confluence Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 9.2.4, 9.4.0, and 9.5.1 of Confluence Data Center and Server; however, LTS version 8.5 is not affected by this CVE. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
K000151334: Apache HttpClient vulnerability CVE-2025-27820
Security Advisory Description: A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release. CVE-2025-27820. Impact: There is no impact; F5 products are not...
Alibaba Cloud Linux 3 : 0160: maven:3.6 (ALINUX3-SA-2022:0160)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0160 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-13956: Apache HttpClient versions...
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team.
Summary: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. This bulletin contains information...
Apache HttpClient Logic Error Vulnerability
Apache HttpClient is a client program written in Java by the Apache Foundation (United States) for accessing HTTP resources. The program is used to access network resources using the HTTP protocol. A logic error vulnerability exists in Apache HttpClient versions prior to 5.4.3, which stems from a P...
MAL-2025-3609 Malicious code in apache-httpclient (npm)
Source: ghsa-malware (a77347ebb8573c5fbeca35230df16ec582c33958e0a5bad13704efdea35f24eb). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in apache-httpclient (npm)
Source: ghsa-malware (a77347ebb8573c5fbeca35230df16ec582c33958e0a5bad13704efdea35f24eb). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-27820
A flaw was found in Apache HttpClient. This vulnerability allows unauthorized access or information disclosure via disabled Public Suffix List (PSL) validation, affecting cookie management and hostname verification. Mitigation: Mitigation for this issue is either not available or the currently...
SUSE CVE-2025-27820
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release...
Improper Certificate Validation
Overview: org.apache.httpcomponents.client5:httpclient5 is an HttpClient component of the Apache HttpComponents project. Affected versions of this package are vulnerable to Improper Certificate Validation due to a bug in the validation logic of the Public Suffix List, which allows attackers to...