JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.
{
"cpe": "cpe:2.3:a:jetbrains:ktor:*:*:*:*:*:*:*:*",
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "1.1.5"
}
]
}