2 matches found
com.cibuddy:karaf.assembly (=1.0.0), com.kagurabi.services:kagura-assembly (>=1.5 <=1.9) +28 more potentially affected by CVE-2016-8750 via org.apache.karaf:apache-karaf (>=2.0.0 <=4.0.7)
org.apache.karaf:apache-karaf MAVEN
version =2.0.0, =1.5, =1.5.6, =4.4.1, =1.1.2, =1.0.0, =2.0.0, =2.0.6, =1.0, =2.18.0, =2.7.7, =3.0.0, =1.6.1-incubating, =1.6.1-incubating, =2.0.3 and more
Source CVEs: CVE-2016-8750
Source advisory: OSV:GHSA-CHJ8-5XGW-WCVJ...
CVE-2016-8750
CVE-2016-8750 affects Apache Karaf prior to 4.0.8. The LDAPLoginModule did not properly encode usernames when authenticating via LDAP, exposing a vulnerability to LDAP injection that can lead to Denial of Service. Vulnerable component: Karaf’s LDAP authentication path; root cause: improper userna...