Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.springframework.security/spring-security-ldap@3.2.1.RELEASE

Type maven

Namespace org.springframework.security

Name spring-security-ldap

Version 3.2.1.RELEASE

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.2.2.RELEASE

Latest_non_vulnerable_version 3.2.2.RELEASE

Affected_by_vulnerabilities

url VCID-h197-qg16-4ug5

vulnerability_id VCID-h197-qg16-4ug5

summary

Improper Authentication
The `ActiveDirectoryLdapAuthenticator` does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0097.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0097.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0097

reference_id

reference_type

scores

value	0.00234
scoring_system	epss
scoring_elements	0.46404
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0097

reference_url

https://github.com/spring-projects/spring-security/commit/7dbb8e777ece8675f3333a1ef1cb4d6b9be80395

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-security/commit/7dbb8e777ece8675f3333a1ef1cb4d6b9be80395

reference_url

https://github.com/spring-projects/spring-security/commit/88559882e967085c47a7e1dcbc4dc32c2c796868

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-security/commit/88559882e967085c47a7e1dcbc4dc32c2c796868

reference_url

https://github.com/spring-projects/spring-security/commit/a7005bd74241ac8e2e7b38ae31bc4b0f641ef973

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-security/commit/a7005bd74241ac8e2e7b38ae31bc4b0f641ef973

reference_url

https://jira.springsource.org/browse/SEC-2500

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://jira.springsource.org/browse/SEC-2500

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-0097

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0097

reference_url

https://pivotal.io/security/cve-2014-0097

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pivotal.io/security/cve-2014-0097

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1075302
reference_id	1075302
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1075302

reference_url	https://bugzilla.redhat.com/CVE-2014-0097
reference_id	CVE-2014-0097
reference_type
scores
url	https://bugzilla.redhat.com/CVE-2014-0097

reference_url	http://www.gopivotal.com/security/cve-2014-0097
reference_id	CVE-2014-0097
reference_type
scores
url	http://www.gopivotal.com/security/cve-2014-0097

fixed_packages

url	pkg:maven/org.springframework.security/spring-security-ldap@3.2.2.RELEASE
purl	pkg:maven/org.springframework.security/spring-security-ldap@3.2.2.RELEASE
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-ldap@3.2.2.RELEASE

aliases CVE-2014-0097, GHSA-gv9v-c375-hvmg

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h197-qg16-4ug5

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-ldap@3.2.1.RELEASE

Package Instance