CVE-2017-17718

CVE-2017-17718

EPSS 1.3%

The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://openwall.com/lists/oss-security/2017/12/17/10 https://github.com/ruby-ldap/ruby-net-ldap/issues/258 https://github.com/ruby-ldap/ruby-net-ldap/pull/279