npm

Severity: high

LDAP Injection

ldapauth-fork

Overview

Versions 2.3.2 and earlier of ldapauth-fork are affected by an LDAP injection vulnerability. This allows an attacker to inject and run arbitrary LDAP commands via the username parameter.

Remediation

Update to ldapauth-fork version 2.3.3 or later.
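
The same class of bug in application code that builds its own LDAP filter from a username, shown before and after escaping. This is an added example, not ldapauth-fork's code; the `(uid={{username}})` template, the function names and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example: RFC 4515 escaping for a username substituted into an LDAP
// search filter. Template and function names are illustrative assumptions.

// Characters that must be written as backslash + two hex digits in a value.
const FILTER_ESCAPES = {
  '\\': '\\5c',
  '*': '\\2a',
  '(': '\\28',
  ')': '\\29',
  '\0': '\\00',
};

function escapeFilterValue(value) {
  // Reject arrays/objects (e.g. from a parsed JSON body) instead of coercing.
  if (typeof value !== 'string') {
    throw new TypeError('LDAP filter value must be a string');
  }
  // Single pass, so the backslashes we emit are never escaped a second time.
  return value.replace(/[\\*()\0]/g, (ch) => FILTER_ESCAPES[ch]);
}

// Before: raw substitution lets the value change the filter's structure.
function buildFilterUnsafe(template, username) {
  return template.split('{{username}}').join(username);
}

// After: the value is escaped, so it can only ever be an assertion value.
function buildFilterSafe(template, username) {
  return template.split('{{username}}').join(escapeFilterValue(username));
}

// In a filter string, raw "(" opens a component and raw "*" is a
// wildcard, so counting them shows whether input altered the filter.
function filterShape(filter) {
  return {
    components: filter.split('(').length - 1,
    wildcards: filter.split('*').length - 1,
  };
}

// Constructed sample inputs: a plain name, a name with parentheses, a
// lone wildcard, and a value containing filter syntax.
const TEMPLATE = '(uid={{username}})';
for (const name of ['jdoe', 'j.doe (contractor)', '*', 'x)(y=*']) {
  const unsafe = filterShape(buildFilterUnsafe(TEMPLATE, name));
  const safe = filterShape(buildFilterSafe(TEMPLATE, name));
  console.log(JSON.stringify(name), 'unsafe:', unsafe, 'safe:', safe);
}
```

Filter-value escaping (RFC 4515) is not the same as DN escaping (RFC 4514); a value placed in a distinguished name needs the DN rules instead.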


Advisory timeline

  1. reported

    Initial report by Jerome Touffe-Blin
    Oct 17th, 2015
  2. published

    Advisory published
    Sep 18th, 2015