CVEs in the dependencies are in the execution path of your project

[CleWang]

Hello,
Your project uses some dependencies with CVEs. I found that the buggy methods of the CVEs are in the program execution path of your project, which makes your project at risk. I have suggested some version updates. See below for more details:

• Vulnerable Dependency: org.apache.httpcomponents : httpclient : 4.3

• Call Chain to Buggy Methods:

  • Some files in your project call the library method org.apache.http.impl.client.HttpClientBuilder.build(), which can reach the buggy method of CVE-2013-4366.

    • Files in your project:
      src/main/java/com/netflix/simianarmy/client/MonkeyRestClient.java
    • One of the possible call chain:

    org.apache.http.impl.client.HttpClientBuilder.build() [buggy method]
    

• Update suggestion: version 4.5.11
  4.5.11 is a safe version without CVEs. From 4.3 to 4.5.11, 2 of the APIs (called by 2 times in your project) were modified.