LemonLDAP::NG 安全漏洞

LemonLDAP::NG is a set of Web single sign-on and access management software from LemonLDAP::NG open source. A security vulnerability exists in LemonLDAP::NG version 2.18.x and 2.19.x prior to 2.19.2, which stems from the presence of incorrect credential validation, allowing an attacker to bypass...

PT-2024-31405 · Jinja2 +1 · Jinja2 +1

Name of the Vulnerable Software and Affected Versions: Fides versions 2.19.0 through 2.43.x Description: The Email Templating feature in Fides uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code...