CVE-2021-43350

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-43350

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43350.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-43350

Aliases

Published

2021-11-11T13:15:07.737Z

Modified

2025-12-02T01:10:51.784191Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.

References

Affected packages

Git / github.com/apache/incubator-trafficcontrol

Affected ranges

Type: GIT
Repo: https://github.com/apache/incubator-trafficcontrol
Events: Introduced

b8290a149cc18635e7ec31ecec2c369a1463e7f7

Fixed

5a68d18cd0c07df8ba36c30084cb13d47e771d46

Affected versions

RELEASE-5.*

RELEASE-5.1.0

RELEASE-5.1.0-RC0

RELEASE-5.1.1

RELEASE-5.1.2

RELEASE-5.1.2-RC0

RELEASE-5.1.2-RC1

RELEASE-5.1.2-RC2

RELEASE-5.1.2-RC3

RELEASE-5.1.3

RELEASE-5.1.3-RC0

v5.*

v5.1.0

v5.1.1

v5.1.2

v5.1.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43350.json"

Git / github.com/apache/trafficcontrol

Affected ranges

Type: GIT
Repo: https://github.com/apache/trafficcontrol
Events: Introduced

22a98e7e862ab518598d141d7680170d5100f52d

Fixed

73dfaecce42d86fae22d80e21a2eb22709bd88a1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43350.json"