org.openidentityplatform.opendj:opendj-server-legacy@4.6.3 vulnerabilities

latest version

4.9.2

first published

4 years ago

latest version published

1 months ago

licenses detected

CDDL-1.1
[4.4.12,)

package manager

View on Maven Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.openidentityplatform.opendj:opendj-server-legacy package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Infinite loop Affected versions of this package are vulnerable to Infinite loop. An attacker can cause the server to become unresponsive to all LDAP requests without crashing or restarting by executing a crafted `ldapsearch` request with alias dereferencing set to "always" on an alias loop entry. How to fix Infinite loop? Upgrade `org.openidentityplatform.opendj:opendj-server-legacy` to version 4.9.3 or higher.	[,4.9.3)

Infinite loop

Affected versions of this package are vulnerable to Infinite loop. An attacker can cause the server to become unresponsive to all LDAP requests without crashing or restarting by executing a crafted ldapsearch request with alias dereferencing set to "always" on an alias loop entry.

How to fix Infinite loop?

Upgrade org.openidentityplatform.opendj:opendj-server-legacy to version 4.9.3 or higher.

[,4.9.3)

Go back to all versions of this package