Description
Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided template since the username included in the search filter lacks sanitization.
Remediation
References
https://github.com/getredash/redash/issues/5426
https://github.com/getredash/redash/releases
Related Vulnerabilities
CVE-2021-37695 Vulnerability in npm package ckeditor4
CVE-2015-8851 Vulnerability in npm package node-uuid
CVE-2019-10745 Vulnerability in npm package assign-deep
CVE-2020-14366 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2020-2201 Vulnerability in maven package org.jenkins-ci.plugins:sonargraph-integration