github.com/apache/trafficcontrol is vulnerable to LDAP injection. An attacker is able to send malicious username to the the login or post endpoint of any API version, inject unsanitized content into the LDAP filter, allowing the malicious query injection.