2 matches found
group-lunches (>=0.0.2 <=0.0.10), lets-chat-ldap (>=0.1.0 <=0.4.0) +5 more potentially affected by CVE-2015-7294 via ldapauth-fork (=2.2.19)
ldapauth-fork NPM version =2.2.19 is affected by a known vulnerability. The following packages have a transitive dependency on ldapauth-fork and may be impacted: - group-lunches =0.0.2, =0.1.0, =0.0.2, =0.1.0, =0.0.0, =0.0.1 Source cves: CVE-2015-7294 Source advisory: OSV:GHSA-82MG-X548-GQ3J...
CVE-2015-7294
CVE-2015-7294 affects ldapauth-fork before 2.3.3, where a remote attacker can trigger LDAP injection through a crafted username parameter. The vulnerability is linked to the ldapauth-fork library used for authenticating against LDAP servers. Several connected sources confirm the affected version ...