The vulnerability stems from HttpClientBuilder not enforcing a non-null X509HostnameVerifier when it creates the SSL connection socket factory: if no verifier was configured, null was passed through and the socket factory performed no hostname check at all. The commit diff shows the fix adds a null check and falls back to BROWSER_COMPATIBLE_HOSTNAME_VERIFIER, confirming that the original code allowed null values to reach the factory. This matches the CVE description, which attributes the disabled hostname verification to an unvalidated null verifier. With hostname verification skipped, any certificate that chains to a trusted CA is accepted regardless of the host it was issued for, so an attacker holding a valid certificate for an unrelated name can impersonate the server in a man-in-the-middle position.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.httpcomponents:httpclient | maven | >= 4.3, < 4.3.1 | 4.3.1 |
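The following is an added example, not code from the page or from the HttpClient project, showing the affected usage next to a hardened one. It assumes an application built against httpclient 4.3.0 (the vulnerable release), and the URL `https://example.com/` and the class and method names are placeholders chosen for illustration. `safeSocketFactory` reproduces the shape of the upstream fix described above (a null check with a safe default) so that the verifier is chosen explicitly in application code rather than left to the library's default; `STRICT_HOSTNAME_VERIFIER` is used for the hardened client because it is the more conservative of the two verifiers the 4.3 API provides.

```java
import javax.net.ssl.SSLContext;

import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;

// Illustrative class name (assumption), not part of the HttpClient library.
public class HostnameVerifierExample {

    // Affected pattern on httpclient 4.3.0: no verifier is configured, so the
    // builder hands a null X509HostnameVerifier to SSLConnectionSocketFactory
    // and the certificate subject is never compared with the requested host.
    static CloseableHttpClient affectedClient() {
        return HttpClientBuilder.create().build();
    }

    // Mirrors the upstream fix: never let a null verifier reach the socket factory.
    // A null argument falls back to BROWSER_COMPATIBLE_HOSTNAME_VERIFIER, the same
    // default the 4.3.1 patch introduced.
    static SSLConnectionSocketFactory safeSocketFactory(SSLContext ctx, X509HostnameVerifier v) {
        X509HostnameVerifier effective =
                (v != null) ? v : SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;
        return new SSLConnectionSocketFactory(ctx, effective);
    }

    // Hardened client: the verifier is set explicitly on the socket factory that
    // the builder will use, so the outcome no longer depends on the library's
    // default for a missing verifier.
    static CloseableHttpClient hardenedClient() {
        SSLConnectionSocketFactory sslsf = safeSocketFactory(
                SSLContexts.createDefault(),
                SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER);
        return HttpClients.custom().setSSLSocketFactory(sslsf).build();
    }

    public static void main(String[] args) throws Exception {
        // https://example.com/ is a placeholder target (assumption).
        try (CloseableHttpClient client = hardenedClient();
             CloseableHttpResponse resp = client.execute(new HttpGet("https://example.com/"))) {
            System.out.println(resp.getStatusLine());
        }
    }
}
```

The real remediation is to move to 4.3.1 or later per the table above; the explicit verifier is a belt-and-braces measure that also makes the intended policy visible in code review. Passing a verifier explicitly is also how to detect the problem in a test environment: against a server presenting a certificate for a different hostname, the hardened client fails the TLS handshake while the affected client on 4.3.0 connects successfully.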