Findings for Container Security, Low, [TheRedHatter/javagoof:Dockerfile]:Improper Certificate Validation
Created by: armorcodegithubpreprod[bot]
Findings for Container Security, Low, [TheRedHatter/javagoof:Dockerfile]:Improper Certificate Validation
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): >*
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream openldap package.
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active