Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.directory.api/apache-ldap-api@1.0.0-M26

Type maven

Namespace org.apache.directory.api

Name apache-ldap-api

Version 1.0.0-M26

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.0.2

Latest_non_vulnerable_version 1.0.2

Affected_by_vulnerabilities

url VCID-hm2f-t4wa-tuhu

vulnerability_id VCID-hm2f-t4wa-tuhu

summary

Exposure of Sensitive Information to an Unauthorized Actor
In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1337

reference_id

reference_type

scores

value	0.02662
scoring_system	epss
scoring_elements	0.86069
published_at	2026-06-04T12:55:00Z

value	0.02662
scoring_system	epss
scoring_elements	0.86091
published_at	2026-06-09T12:55:00Z

value	0.02662
scoring_system	epss
scoring_elements	0.86089
published_at	2026-06-07T12:55:00Z

value	0.02662
scoring_system	epss
scoring_elements	0.86078
published_at	2026-06-08T12:55:00Z

value	0.02662
scoring_system	epss
scoring_elements	0.8609
published_at	2026-06-05T12:55:00Z

value	0.02662
scoring_system	epss
scoring_elements	0.86094
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1337

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1337
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1337

reference_url	https://github.com/apache/directory-ldap-api/commit/075b70a733d7af150b3d85684149ff5f029f7fd
reference_id
reference_type
scores
url	https://github.com/apache/directory-ldap-api/commit/075b70a733d7af150b3d85684149ff5f029f7fd

reference_url	https://github.com/apache/directory-ldap-api/commit/5faa6a71606a22a7503d401911875ec3a355cac
reference_id
reference_type
scores
url	https://github.com/apache/directory-ldap-api/commit/5faa6a71606a22a7503d401911875ec3a355cac

reference_url

https://lists.apache.org/thread.html/d66081195e9a02ee7cc20fb243b60467d1419586eed28297d820768f@%3Cdev.directory.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/d66081195e9a02ee7cc20fb243b60467d1419586eed28297d820768f@%3Cdev.directory.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r0e645b3f6ca977dc60b7cec231215c59a9471736c2402c1fef5a0616@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r0e645b3f6ca977dc60b7cec231215c59a9471736c2402c1fef5a0616@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1815fb5b0c345f571c740e7a1b48d7477647edd4ffcf9d5321e69446@%3Cdev.kafka.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1815fb5b0c345f571c740e7a1b48d7477647edd4ffcf9d5321e69446@%3Cdev.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1a258430d820a90ff9d4558319296cc517ff2252327d7b3546d16749@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1a258430d820a90ff9d4558319296cc517ff2252327d7b3546d16749@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r4da40aa50cfdb2158898f2bc6df81feec1d42c6a06db6537d5cc0496@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r4da40aa50cfdb2158898f2bc6df81feec1d42c6a06db6537d5cc0496@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r55e74532e7f9e84ecfa56b4e0a50a5fe0ba6f7a76880520e4400b0d7@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r55e74532e7f9e84ecfa56b4e0a50a5fe0ba6f7a76880520e4400b0d7@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r56b304fb9960c869995efbb31da3b9b7c6d53ee31f7f7048eb80434b@%3Cdev.kafka.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r56b304fb9960c869995efbb31da3b9b7c6d53ee31f7f7048eb80434b@%3Cdev.kafka.apache.org%3E

reference_url

http://www.securityfocus.com/bid/104744

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/104744

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1337

reference_id

CVE-2018-1337

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1337

reference_url

https://github.com/advisories/GHSA-cfw5-v7cw-69cw

reference_id

GHSA-cfw5-v7cw-69cw

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-cfw5-v7cw-69cw

fixed_packages

url	pkg:maven/org.apache.directory.api/apache-ldap-api@1.0.2
purl	pkg:maven/org.apache.directory.api/apache-ldap-api@1.0.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.directory.api/apache-ldap-api@1.0.2

aliases CVE-2018-1337, GHSA-cfw5-v7cw-69cw

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hm2f-t4wa-tuhu

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.directory.api/apache-ldap-api@1.0.0-M26

Package Instance