CVE-2021-3027

2021-03-2603:16:40

Google

osv.dev

librit

passhport

ldap injection

information leak

sanitization

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

42.1%

JSON

app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided search filter because user input gets no sanitization.

References

github.com/LibrIT/passhport/commit/366b03f607729c4538e91b634ecc57c8398522a1

github.com/LibrIT/passhport/pull/562

jorgectf.gitlab.io/disclosure/cve-2021-3027/