AVG-1863 log

Package maven
Status Fixed
Severity Medium
Type multiple issues
Affected 3.6.3-1
Fixed 3.8.1-1
Current 3.8.6-1 [community]
Ticket None
Created Fri Apr 23 17:40:45 2021
Issue Severity Remote Type Description
CVE-2021-26291 Medium Yes Man-in-the-middle
Apache Maven may follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in...
CVE-2020-13956 Medium Yes Insufficient validation
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as...