org.apache.derby:derby-project@10.14.2.0 vulnerabilities

  • latest version

    10.17.1.0

  • latest non vulnerable version

  • first published

    15 years ago

  • latest version published

    1 years ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the org.apache.derby:derby-project package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    LDAP Injection

    org.apache.derby:derby-project is an an open source relational database implemented entirely in Java.

    Affected versions of this package are vulnerable to LDAP Injection due to improper LDAP authentication checks. An attacker can fill up the disk by creating junk databases and execute malware visible to and executable by the account which booted the server. Additionally, if the databases aren't also protected by SQL GRANT/REVOKE authorization, the attacker can view and corrupt sensitive data, and run sensitive database functions and procedures.

    How to fix LDAP Injection?

    Upgrade org.apache.derby:derby-project to version 10.17.1.0 or higher.

    [10.1.1.0,10.17.1.0)