15 matches found
Astra Linux - уязвимость в python-ldap
Python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars could be exploited to skip escaping special characters when a crafted list or dict was provided as the assertionvalue parameter, and...
Sanitization Bypass
python-ldap is vulnerable to Sanitization Bypass. The vulnerability is due to improper escaping in escapefilterchars when escapemode=1 is used, where crafted list or dict inputs bypass character escaping due to missing type validation, and attackers can exploit this to inject malicious LDAP filte...
SUSE CVE-2025-61911
python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and t...
GHSA-R7R6-CC7P-4V5M python-ldap has sanitization bypass in ldap.filter.escape_filter_chars
Summary The sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and the non-default escapemode=1 is configured. Details The method ldap.filter.escapefilterchars supports 3...
python-ldap has sanitization bypass in ldap.filter.escape_filter_chars
Summary The sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and the non-default escapemode=1 is configured. Details The method ldap.filter.escapefilterchars supports 3...
DEBIAN-CVE-2025-61911
python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and t...
CVE-2025-61911
python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and t...
CVE-2025-61911 python-ldap has sanitization bypass in ldap.filter.escape_filter_chars
python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and t...
CVE-2025-61911 python-ldap has sanitization bypass in ldap.filter.escape_filter_chars
python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and t...
CVE-2025-61911
python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and t...
python-ldap 安全漏洞
python-ldap is a python foundation LDAP client API for Python. A security vulnerability exists in python-ldap versions prior to 3.4.5, which stems from the ldap.filter.escapefilterchars method not properly handling the assertionvalue parameter of type list or dict in escapemode=1 mode, which coul...
Design/Logic Flaw
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escapemode parameter to escape fields as an XSS protection mechanism. To mitigate, jsondumper.rb in gon now does escaping for XSS by default without relying on MultiJson...
UBUNTU-CVE-2020-25739
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escapemode parameter to escape fields as an XSS protection mechanism. To mitigate, jsondumper.rb in gon now does escaping for XSS by default without relying on MultiJson...
PT-2020-16179 · Ruby +1 · Gon +1
Name of the Vulnerable Software and Affected Versions: gon versions prior to 6.4.0 Description: An issue was discovered in the gon gem for Ruby, where MultiJson does not honor the escape mode parameter to escape fields as an XSS protection mechanism. To mitigate, json dumper.rb in gon now does...
Cross-Site Scripting
Overview Affected versions of nunjucks do not properly escape specially structured user input in template vars when in auto-escape mode, resulting in a cross-site scripting vulnerability. Proof of Concept By using an array for the keys in a template var, escaping is bypassed. javascript name=aler...