com.unboundid:unboundid-ldapsdk@4.0.1 vulnerabilities

  • latest version

    7.0.3

  • latest non vulnerable version

  • first published

    15 years ago

  • latest version published

    17 days ago

  • licenses detected

  • package registry

  • Direct Vulnerabilities

    Known vulnerabilities in the com.unboundid:unboundid-ldapsdk package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • C
    User Impersonation

    com.unboundid:unboundid-ldapsdk is a UnboundID LDAP SDK for Java.

    Affected version of this package are vulnerable to User Impersonation. The process function in the SimpleBindRequest class which check for empty password when running in synchronous mode.

    How to fix User Impersonation?

    Upgrade com.unboundid:unboundid-ldapsdk to version 4.0.5 or higher.

    [,4.0.5)