From 58b7d0c845302c10965e312ace619f465ac239f6 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com>
Date: Tue, 5 Nov 2024 22:29:42 +0000
Subject: [PATCH] Publish GHSA-3832-9276-x7gf

---
 .../GHSA-3832-9276-x7gf/GHSA-3832-9276-x7gf.json | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/advisories/github-reviewed/2022/05/GHSA-3832-9276-x7gf/GHSA-3832-9276-x7gf.json b/advisories/github-reviewed/2022/05/GHSA-3832-9276-x7gf/GHSA-3832-9276-x7gf.json
index 578e6c5bb597a..35c9a08e939c2 100644
--- a/advisories/github-reviewed/2022/05/GHSA-3832-9276-x7gf/GHSA-3832-9276-x7gf.json
+++ b/advisories/github-reviewed/2022/05/GHSA-3832-9276-x7gf/GHSA-3832-9276-x7gf.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3832-9276-x7gf",
-  "modified": "2024-03-14T21:52:44Z",
+  "modified": "2024-11-05T22:28:04Z",
   "published": "2022-05-13T01:10:34Z",
   "aliases": [
     "CVE-2012-5783"
   ],
-  "summary": "Improper Certificate Validation in apache HttpClient",
-  "details": "Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",
+  "summary": "Improper Certificate Validation in Apache Commons HttpClient",
+  "details": "Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.\n\nNote that the Commons HttpClient project is [end of life](https://hc.apache.org/httpclient-legacy/). It has been replaced by the Apache HttpComponents project in its [HttpClient](https://hc.apache.org/httpcomponents-client-5.4.x/) and [HttpCore](https://hc.apache.org/httpcomponents-core-5.3.x/) modules. CVE-2012-5783 has been patched in [v4.0](https://repo1.maven.org/maven2/org/apache/httpcomponents/httpclient/4.0/) of the Apache HttpComponents HttpClient module.",
   "severity": [
   ],
@@ -23,13 +23,13 @@
           "events": [
             {
               "introduced": "3.0"
-            },
-            {
-              "fixed": "4.0"
             }
           ]
         }
-      ]
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "< 4.0"
+      }
     }
   ],
   "references": [
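Review bot: The added sentence in `details` that CVE-2012-5783 "has been patched in v4.0 of the Apache HttpComponents HttpClient module" reads as if 4.0 were an upgrade of the advisory's affected artifact, while the linked Maven path (`org/apache/httpcomponents/httpclient/4.0`) is a different coordinate from the legacy Commons HttpClient artifact; the `package` object this advisory applies to is outside the hunk, so I am inferring the mismatch from the details text alone. Since the paragraph already states the legacy project is end of life, spelling out the remediation removes the ambiguity: `Because the legacy Commons HttpClient artifact received no fix, remediation is to migrate to the org.apache.httpcomponents:httpclient artifact (4.0 or later), where this issue is addressed.` The HttpClient and HttpCore links are pinned to `5.4.x` / `5.3.x` release lines and will go stale; the unversioned project pages would age better in an advisory that is unlikely to be revisited.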
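Review bot: With the `"fixed": "4.0"` event removed, the range now carries only `"introduced": "3.0"`, so any consumer that reads the standard OSV `events` array sees every version from 3.0 onward as affected with no fix version, and `database_specific.last_known_affected_version_range` is a GitHub-specific hint that generic OSV tooling does not interpret. That appears deliberate given the end-of-life note in the first hunk, but the enclosing `affected` entry (its `package` and range `type`) starts before the hunk, so I cannot confirm which coordinate the open-ended range is attached to. If it is the legacy Commons HttpClient artifact, `"< 4.0"` names a version that was never published under that coordinate; naming the last version actually released there, e.g. `"last_known_affected_version_range": "<= LAST_3X_RELEASE"` (placeholder, to be checked against the artifact's version list), would make the hint unambiguous for readers who do not know the 3.x/4.x split.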