Sha256: f0b23b60d0ef9a0162231fc14b3220f23ca7f12f65b6b83940c5a3718862bb82

Contents?: true

Size: 592 Bytes

Versions: 3

Compression:

Stored size: 592 Bytes

Contents

---
gem: net-ldap
cve: 2017-17718
date: 2017-12-17
url: https://github.com/ruby-ldap/ruby-net-ldap/issues/258
title: No validation of hostname certificate in net-ldap
description: |
  The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL
  Certificate Validation. The LDAP server's certificate was not verified
  to match the host it was supposed to be connecting to.

patched_versions:
  - ">= 0.16.0"
related:
  url:
    - https://github.com/ruby-ldap/ruby-net-ldap/pull/279
    - https://github.com/ruby-ldap/ruby-net-ldap/commit/e4c46a223a19feda78393a793711353aa1febdcd

Version data entries

3 entries across 3 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/net-ldap/CVE-2017-17718.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/net-ldap/CVE-2017-17718.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/net-ldap/CVE-2017-17718.yml