CVE-2021-3027

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-3027
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3027.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-3027
Published
2021-03-26T03:16:40.647Z
Modified
2026-04-02T06:53:04.353271Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided search filter because user input gets no sanitization.

References

Affected packages

Git / github.com/LibrIT/passhport

Affected ranges

Type
GIT
Repo
https://github.com/LibrIT/passhport
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d585552e4070e896643deb76c36ccbedceff3536
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.5"
        }
    ]
}
Type
GIT
Repo
https://github.com/librit/passhport
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
366b03f607729c4538e91b634ecc57c8398522a1

Affected versions

2.*
2.5
v0.*
v0.9
v0.9.1
v1.*
v1.0
v2.*
v2.0.0
v2.0.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3027.json"