Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework.security/spring-security-core@3.2.2.RELEASE
Typemaven
Namespaceorg.springframework.security
Namespring-security-core
Version3.2.2.RELEASE
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.2.10.RELEASE
Latest_non_vulnerable_version6.5.4
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-h197-qg16-4ug5
vulnerability_id VCID-h197-qg16-4ug5
summary 
Improper Authentication
The `ActiveDirectoryLdapAuthenticator` does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.
references
0
reference_url https://bugzilla.redhat.com/CVE-2014-0097
reference_id CVE-2014-0097
reference_type
scores
url https://bugzilla.redhat.com/CVE-2014-0097
1
reference_url http://www.gopivotal.com/security/cve-2014-0097
reference_id CVE-2014-0097
reference_type
scores
url http://www.gopivotal.com/security/cve-2014-0097
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-core@3.1.6.RELEASE
purl pkg:maven/org.springframework.security/spring-security-core@3.1.6.RELEASE
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.1.6.RELEASE
1
url pkg:maven/org.springframework.security/spring-security-core@3.2.2.RELEASE
purl pkg:maven/org.springframework.security/spring-security-core@3.2.2.RELEASE
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.2.2.RELEASE
aliases CVE-2014-0097
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h197-qg16-4ug5
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.2.2.RELEASE