CVE-2025-27820

Published April 24th, 2025

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release

apache/httpcomponents-client

Mirror of Apache HttpClient

GitHub

1.53K