Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.directory.api/apache-ldap-api@1.0.2
Typemaven
Namespaceorg.apache.directory.api
Nameapache-ldap-api
Version1.0.2
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-hm2f-t4wa-tuhu
vulnerability_id VCID-hm2f-t4wa-tuhu
summary 
Exposure of Sensitive Information to an Unauthorized Actor
In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request).
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1337
reference_id CVE-2018-1337
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1337
1
reference_url https://github.com/advisories/GHSA-cfw5-v7cw-69cw
reference_id GHSA-cfw5-v7cw-69cw
reference_type
scores
url https://github.com/advisories/GHSA-cfw5-v7cw-69cw
fixed_packages
0
url pkg:maven/org.apache.directory.api/apache-ldap-api@1.0.2
purl pkg:maven/org.apache.directory.api/apache-ldap-api@1.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.directory.api/apache-ldap-api@1.0.2
aliases CVE-2018-1337, GHSA-cfw5-v7cw-69cw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hm2f-t4wa-tuhu
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.directory.api/apache-ldap-api@1.0.2