Description
ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username.
Remediation
References
http://www.openwall.com/lists/oss-security/2015/09/18/8
http://www.openwall.com/lists/oss-security/2015/09/21/2
https://github.com/vesse/node-ldapauth-fork/commit/3feea43e243698bcaeffa904a7324f4d96df60e4
https://github.com/vesse/node-ldapauth-fork/issues/21
Related Vulnerabilities
CVE-2010-2076 Vulnerability in maven package org.apache.cxf:cxf-bundle-jaxrs
CVE-2022-24999 Vulnerability in maven package org.webjars.npm:qs
CVE-2023-38647 Vulnerability in maven package org.apache.helix:helix-core
CVE-2023-34454 Vulnerability in maven package org.xerial.snappy:snappy-java
CVE-2019-10330 Vulnerability in maven package org.jenkins-ci.plugins:gitea