com.unboundid:unboundid-ldapsdk@2.0.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the com.unboundid:unboundid-ldapsdk package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • C
User Impersonation

com.unboundid:unboundid-ldapsdk is a UnboundID LDAP SDK for Java.

Affected version of this package are vulnerable to User Impersonation. The process function in the SimpleBindRequest class which check for empty password when running in synchronous mode.

How to fix User Impersonation?

Upgrade com.unboundid:unboundid-ldapsdk to version 4.0.5 or higher.

[,4.0.5)