Menu

#163 Dependency on vulnerable library, http-client 3.1, CVE-2015-5262 CVE-2014-3577 CVE-2012-6153

1.9.15
closed-invalid
Marc Guillemot
None
5
2016-05-23
2016-05-21
Matt Seil
No

The initial ticket was raised on the OWASP ESAPI project. The dependent library is subject to three CVEs,

CVE-2015-5262
CVE-2014-3577
CVE-2012-6153

Httpclient 3.1 is EOL anyway.

Discussion

  • Marc Guillemot

    Marc Guillemot - 2016-05-23

    NekoHTML has no dependency on HttpClient

     

  • Marc Guillemot

    Marc Guillemot - 2016-05-23
    • status: open --> closed-invalid
    • assigned_to: Marc Guillemot
     

Log in to post a comment.

MongoDB Logo MongoDB