Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/ruby-net-ldap@0.16.1-1?distro=trixie

Type deb

Namespace debian

Name ruby-net-ldap

Version 0.16.1-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 0.17.0-1

Latest_non_vulnerable_version 0.20.0-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-5cnk-a9hu-y7ft

vulnerability_id VCID-5cnk-a9hu-y7ft

summary

No validation of hostname certificate
Net-ldap does not validate the hostname certificate. Ruby is relying on OpenSSL, and one common mistake made by users of OpenSSL is to assume that OpenSSL will validate the hostname in the server's certificate. did not perform hostname validation. and up contain support for hostname validation, but they still require the user to call a few functions to set it up.

references

reference_url

http://openwall.com/lists/oss-security/2017/12/17/10

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2017/12/17/10

reference_url	http://ruby-doc.org/stdlib-1.9.3/libdoc/openssl/rdoc/OpenSSL/SSL.html#method-c-verify_certificate_identity
reference_id
reference_type
scores
url	http://ruby-doc.org/stdlib-1.9.3/libdoc/openssl/rdoc/OpenSSL/SSL.html#method-c-verify_certificate_identity

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17718.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17718.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-17718

reference_id

reference_type

scores

value	0.00172
scoring_system	epss
scoring_elements	0.38266
published_at	2026-06-05T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38177
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-17718

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17718
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17718

reference_url

https://github.com/ruby-ldap/ruby-net-ldap

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby-ldap/ruby-net-ldap

reference_url

https://github.com/ruby-ldap/ruby-net-ldap/issues/258

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby-ldap/ruby-net-ldap/issues/258

reference_url

https://github.com/ruby-ldap/ruby-net-ldap/pull/279

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby-ldap/ruby-net-ldap/pull/279

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-17718

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-17718

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1527048
reference_id	1527048
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1527048

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884693
reference_id	884693
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884693

reference_url

https://github.com/advisories/GHSA-m7p8-9w66-9frm

reference_id

GHSA-m7p8-9w66-9frm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m7p8-9w66-9frm

reference_url	https://access.redhat.com/errata/RHSA-2020:1454
reference_id	RHSA-2020:1454
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1454

fixed_packages

url	pkg:deb/debian/ruby-net-ldap@0.16.1-1?distro=trixie
purl	pkg:deb/debian/ruby-net-ldap@0.16.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-net-ldap@0.16.1-1%3Fdistro=trixie

url	pkg:deb/debian/ruby-net-ldap@0.17.0-1?distro=trixie
purl	pkg:deb/debian/ruby-net-ldap@0.17.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-net-ldap@0.17.0-1%3Fdistro=trixie

url	pkg:deb/debian/ruby-net-ldap@0.19.0-1?distro=trixie
purl	pkg:deb/debian/ruby-net-ldap@0.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-net-ldap@0.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/ruby-net-ldap@0.20.0-1?distro=trixie
purl	pkg:deb/debian/ruby-net-ldap@0.20.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-net-ldap@0.20.0-1%3Fdistro=trixie

aliases CVE-2017-17718, GHSA-m7p8-9w66-9frm

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5cnk-a9hu-y7ft

url VCID-r5et-hbw5-aybw

vulnerability_id VCID-r5et-hbw5-aybw

summary

CVE-2014-0083 rubygem-net-ldap: SSHA passwords generated by the net-ldap Ruby gem use a weak salt
The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA
passwords.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0083.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0083.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0083

reference_id

reference_type

scores

value	0.00066
scoring_system	epss
scoring_elements	0.20578
published_at	2026-06-05T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20505
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0083

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0083

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0083

reference_url

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0083

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0083

reference_url

https://github.com/ruby-ldap/ruby-net-ldap

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby-ldap/ruby-net-ldap

reference_url

https://github.com/ruby-ldap/ruby-net-ldap/commit/b412ca05f6b430eaa1ce97ac95885b4cf187b04a

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby-ldap/ruby-net-ldap/commit/b412ca05f6b430eaa1ce97ac95885b4cf187b04a

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-0083

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0083

reference_url

https://security-tracker.debian.org/tracker/CVE-2014-0083

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security-tracker.debian.org/tracker/CVE-2014-0083

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1065086
reference_id	1065086
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1065086

reference_url

https://github.com/advisories/GHSA-qwgm-mxm4-3q2c

reference_id

GHSA-qwgm-mxm4-3q2c

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qwgm-mxm4-3q2c

fixed_packages

url	pkg:deb/debian/ruby-net-ldap@0?distro=trixie
purl	pkg:deb/debian/ruby-net-ldap@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-net-ldap@0%3Fdistro=trixie

url	pkg:deb/debian/ruby-net-ldap@0.16.1-1?distro=trixie
purl	pkg:deb/debian/ruby-net-ldap@0.16.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-net-ldap@0.16.1-1%3Fdistro=trixie

url	pkg:deb/debian/ruby-net-ldap@0.17.0-1?distro=trixie
purl	pkg:deb/debian/ruby-net-ldap@0.17.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-net-ldap@0.17.0-1%3Fdistro=trixie

url	pkg:deb/debian/ruby-net-ldap@0.19.0-1?distro=trixie
purl	pkg:deb/debian/ruby-net-ldap@0.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-net-ldap@0.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/ruby-net-ldap@0.20.0-1?distro=trixie
purl	pkg:deb/debian/ruby-net-ldap@0.20.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-net-ldap@0.20.0-1%3Fdistro=trixie

aliases CVE-2014-0083, GHSA-qwgm-mxm4-3q2c, OSV-106108

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r5et-hbw5-aybw

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-net-ldap@0.16.1-1%3Fdistro=trixie

Package Instance