Vulnerability Database
Blog
FAQ
Docs
GHSA-m7p8-9w66-9frm
Suggest an improvement
Source
https://github.com/advisories/GHSA-m7p8-9w66-9frm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/01/GHSA-m7p8-9w66-9frm/GHSA-m7p8-9w66-9frm.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m7p8-9w66-9frm
Aliases
CVE-2017-17718
Published
2018-01-06T01:11:34Z
Modified
2023-11-08T03:59:14.647519Z
Severity
5.9 (Medium)
CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS Calculator
Summary
net-ldap Improper Certificate Validation vulnerability
Details
The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.
References
https://nvd.nist.gov/vuln/detail/CVE-2017-17718
https://github.com/ruby-ldap/ruby-net-ldap/issues/258
https://github.com/ruby-ldap/ruby-net-ldap/pull/279
https://github.com/ruby-ldap/ruby-net-ldap
http://openwall.com/lists/oss-security/2017/12/17/10
Affected packages
RubyGems
/
net-ldap
Package
Name
net-ldap
Purl
pkg:gem/net-ldap
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0.16.0
Affected versions
0.*
0.0.5
0.1.0
0.1.1
0.2
0.2.1
0.2.2
0.3.0
0.3.1
0.5.1
0.6.0
0.6.1
0.7.0
0.8.0
0.9.0
0.10.0
0.10.1
0.11
0.12.0
0.12.1
0.13.0
0.14.0
0.15.0
GHSA-m7p8-9w66-9frm - OSV