com.unboundid:unboundid-ldapsdk@2.3.7 vulnerabilities

The UnboundID LDAP SDK for Java is a fast, comprehensive, and easy-to-use Java API for communicating with LDAP directory servers and performing related tasks like reading and writing LDIF, encoding and decoding data using base64 and ASN.1 BER, and performing secure communication. This package contains the Standard Edition of the LDAP SDK, which is a complete, general-purpose library for communicating with LDAPv3 directory servers.

latest version

6.0.7
latest non vulnerable version

6.0.7
first published

13 years ago
latest version published

2 months ago
licenses detected
- (GPL-2.0 OR LGPL-2.1 OR UnboundID-LDAP-SDK-Free)
  [1.1.0,5.0.0)
package manager

View on Maven Repository

Known vulnerabilities in the com.unboundid:unboundid-ldapsdk package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
C User Impersonation com.unboundid:unboundid-ldapsdk is a UnboundID LDAP SDK for Java. Affected version of this package are vulnerable to User Impersonation. The process function in the `SimpleBindRequest` class which check for empty password when running in synchronous mode. How to fix User Impersonation? Upgrade `com.unboundid:unboundid-ldapsdk` to version 4.0.5 or higher.	(,4.0.5)