Lucene search
GoogleOSV:GHSA-26CM-QRC6-MFGJHistoryNov 08, 2021 - 6:16 p.m.
Improper Neutralization of Special Elements used in an LDAP Query in stevenweathers/thunderdome-planning-poker
2021-11-0818:16:21
Google
osv.dev
6
0.002 Low
EPSS
Percentile
60.7%
Impact
LDAP injection vulnerability, only affects instances with LDAP authentication enabled.
Patches
Patch for vulnerability released with v1.16.3.
Workarounds
Disable LDAP feature if in use
References
OWASP LDAP Injection Prevention Cheat Sheet
For more information
If you have any questions or comments about this advisory:
- Open an issue in Thunderdome Github Repository
- Email us at [email protected]
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/stevenweathers/thunderdome-planning-poker | lt | 1.16.3 |
References
github.com/github/securitylab/issues/464#issuecomment-957094994
github.com/StevenWeathers/thunderdome-planning-poker
github.com/StevenWeathers/thunderdome-planning-poker/commit/f1524d01e8a0f2d6c3db5461c742456c692dd8c1
github.com/StevenWeathers/thunderdome-planning-poker/security/advisories/GHSA-26cm-qrc6-mfgj
nvd.nist.gov/vuln/detail/CVE-2021-41232
Related
cve
cve
CVE-2021-41232
2021-11-02 18:15:08
cnvd
cnvd
Thunderdome injection vulnerability
2021-11-03 00:00:00
prion
prion
Code injection
2021-11-02 18:15:00
nvd
nvd
CVE-2021-41232
2021-11-02 18:15:08
veracode
veracode
LDAP Injection
2021-11-03 04:37:10
cvelist
cvelist
osv
osv
CVE-2021-41232
2021-11-02 18:15:08
github
github