Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/httpcomponents-client@4.5.7-1
purl pkg:deb/debian/httpcomponents-client@4.5.7-1
Next non-vulnerable version 4.5.13-2
Latest non-vulnerable version 4.5.13-2
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-mrdq-9pb2-3qb5
Aliases:
CVE-2020-13956
GHSA-7r82-7xv7-xcpj
Cross-site scripting in Apache HttpClient Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
4.5.7-1+deb10u1
Affected by 1 other vulnerability.
4.5.13-2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-15T21:14:09.345473+00:00 Debian Oval Importer Affected by VCID-mrdq-9pb2-3qb5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T15:09:48.346983+00:00 Debian Oval Importer Affected by VCID-mrdq-9pb2-3qb5 https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.4.0
2026-04-11T20:53:56.421215+00:00 Debian Oval Importer Affected by VCID-mrdq-9pb2-3qb5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T14:58:06.605276+00:00 Debian Oval Importer Affected by VCID-mrdq-9pb2-3qb5 https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.3.0
2026-04-08T20:33:24.800295+00:00 Debian Oval Importer Affected by VCID-mrdq-9pb2-3qb5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-07T23:30:07.662960+00:00 Debian Oval Importer Affected by VCID-mrdq-9pb2-3qb5 https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.1.0