EPSS
Percentile
73.9%
is-user-valid is vulnerable to Lightweight Directory Access Protocol (LDAP) Injection. The vulnerability exists due to an unsanitized validate function when authenticating the email in the getEmail function.
validate
getEmail
github.com/Telefonica/is-user-valid/blob/master/lib/routes/index.js#L26
github.com/Telefonica/is-user-valid/blob/master/lib/services/ldap-provider.js#L30