{"id":"CVE-2020-36658","details":"In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.","modified":"2026-03-14T10:30:12.394739Z","published":"2023-01-27T05:15:12.973Z","references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00024.html"},{"type":"FIX","url":"https://github.com/LemonLDAPNG/Apache-Session-LDAP/commit/490722b71eed1ed1ab33d58c78578f23e043561f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/lemonldapng/apache-session-ldap","events":[{"introduced":"0"},{"fixed":"bdb716659fb0fc7ba438ac18fab907403d09f08c"},{"fixed":"490722b71eed1ed1ab33d58c78578f23e043561f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.5"}]}}],"versions":["0.3","0.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36658.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}