GHSA-5835-4GVC-32PC Maddy Mail Server has an LDAP Filter Injection via Unsanitized Username
Summary The auth.ldap module constructs LDAP search filters and DN strings by directly interpolating user-supplied usernames via strings.ReplaceAll without any LDAP filter escaping. An attacker who can reach the SMTP submission AUTH PLAIN or IMAP LOGIN interface can inject arbitrary LDAP filter...