3 matches found
Authorization Bypass
Overview When access rules are used inside a protected host, some URL encodings may bypass filtering system. Recommendation Upgrade to version 0.5.2. References - https://github.com/advisories/GHSA-x44x-r84w-8v67 - https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2290...
Authorization Bypass
lemonldap-ng-handler is vulnerable to authorization bypass. The bypass is possible due to the lack of correct enforcement of regexp-based URL access rules, allowing an attacker to bypass the filtering system using certain URL encodings...
OWASP WAF protection bypass
It's possible to bypass protection by using non-standard URL encodings...