Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/ruby-net-ldap@0.16.1-1?distro=trixie

Type deb

Namespace debian

Name ruby-net-ldap

Version 0.16.1-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 0.17.0-1

Latest_non_vulnerable_version 0.20.0-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-73qr-99ye-cffg

vulnerability_id VCID-73qr-99ye-cffg

summary

No validation of hostname certificate
Net-ldap does not validate the hostname certificate. Ruby is relying on OpenSSL, and one common mistake made by users of OpenSSL is to assume that OpenSSL will validate the hostname in the server's certificate. did not perform hostname validation. and up contain support for hostname validation, but they still require the user to call a few functions to set it up.

references

reference_url

http://openwall.com/lists/oss-security/2017/12/17/10

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2017/12/17/10

reference_url	http://ruby-doc.org/stdlib-1.9.3/libdoc/openssl/rdoc/OpenSSL/SSL.html#method-c-verify_certificate_identity
reference_id
reference_type
scores
url	http://ruby-doc.org/stdlib-1.9.3/libdoc/openssl/rdoc/OpenSSL/SSL.html#method-c-verify_certificate_identity

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-17718

reference_id

reference_type

scores

value	0.00172
scoring_system	epss
scoring_elements	0.38211
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-17718

reference_url

https://github.com/ruby-ldap/ruby-net-ldap

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby-ldap/ruby-net-ldap

reference_url

https://github.com/ruby-ldap/ruby-net-ldap/issues/258

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby-ldap/ruby-net-ldap/issues/258

reference_url

https://github.com/ruby-ldap/ruby-net-ldap/pull/279

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby-ldap/ruby-net-ldap/pull/279

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884693
reference_id	884693
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884693

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-17718

reference_id

CVE-2017-17718

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-17718

reference_url

https://github.com/advisories/GHSA-m7p8-9w66-9frm

reference_id

GHSA-m7p8-9w66-9frm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m7p8-9w66-9frm

fixed_packages

url	pkg:deb/debian/ruby-net-ldap@0.16.1-1?distro=trixie
purl	pkg:deb/debian/ruby-net-ldap@0.16.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-net-ldap@0.16.1-1%3Fdistro=trixie

url	pkg:deb/debian/ruby-net-ldap@0.17.0-1?distro=trixie
purl	pkg:deb/debian/ruby-net-ldap@0.17.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-net-ldap@0.17.0-1%3Fdistro=trixie

url	pkg:deb/debian/ruby-net-ldap@0.19.0-1?distro=trixie
purl	pkg:deb/debian/ruby-net-ldap@0.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-net-ldap@0.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/ruby-net-ldap@0.20.0-1?distro=trixie
purl	pkg:deb/debian/ruby-net-ldap@0.20.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-net-ldap@0.20.0-1%3Fdistro=trixie

aliases CVE-2017-17718, GHSA-m7p8-9w66-9frm

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-73qr-99ye-cffg

url VCID-ebv7-83uf-23bw

vulnerability_id VCID-ebv7-83uf-23bw

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0083

reference_id

reference_type

scores

value	0.00066
scoring_system	epss
scoring_elements	0.20514
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0083

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0083

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0083

reference_url

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0083

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0083

reference_url

https://github.com/ruby-ldap/ruby-net-ldap

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby-ldap/ruby-net-ldap

reference_url

https://github.com/ruby-ldap/ruby-net-ldap/commit/b412ca05f6b430eaa1ce97ac95885b4cf187b04a

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby-ldap/ruby-net-ldap/commit/b412ca05f6b430eaa1ce97ac95885b4cf187b04a

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-0083

reference_id

CVE-2014-0083

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0083

reference_url

https://security-tracker.debian.org/tracker/CVE-2014-0083

reference_id

CVE-2014-0083

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security-tracker.debian.org/tracker/CVE-2014-0083

reference_url

https://github.com/advisories/GHSA-qwgm-mxm4-3q2c

reference_id

GHSA-qwgm-mxm4-3q2c

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qwgm-mxm4-3q2c

fixed_packages

url	pkg:deb/debian/ruby-net-ldap@0?distro=trixie
purl	pkg:deb/debian/ruby-net-ldap@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-net-ldap@0%3Fdistro=trixie

url	pkg:deb/debian/ruby-net-ldap@0.16.1-1?distro=trixie
purl	pkg:deb/debian/ruby-net-ldap@0.16.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-net-ldap@0.16.1-1%3Fdistro=trixie

url	pkg:deb/debian/ruby-net-ldap@0.17.0-1?distro=trixie
purl	pkg:deb/debian/ruby-net-ldap@0.17.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-net-ldap@0.17.0-1%3Fdistro=trixie

url	pkg:deb/debian/ruby-net-ldap@0.19.0-1?distro=trixie
purl	pkg:deb/debian/ruby-net-ldap@0.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-net-ldap@0.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/ruby-net-ldap@0.20.0-1?distro=trixie
purl	pkg:deb/debian/ruby-net-ldap@0.20.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-net-ldap@0.20.0-1%3Fdistro=trixie

aliases CVE-2014-0083, GHSA-qwgm-mxm4-3q2c, OSV-106108

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ebv7-83uf-23bw

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-net-ldap@0.16.1-1%3Fdistro=trixie

Package Instance