GHSA-26cm-qrc6-mfgj
Suggest an improvement- Source
- https://github.com/advisories/GHSA-26cm-qrc6-mfgj
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-26cm-qrc6-mfgj/GHSA-26cm-qrc6-mfgj.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-26cm-qrc6-mfgj
- Aliases
- Related
- Published
- 2021-11-08T18:16:21Z
- Modified
- 2024-08-21T16:28:43.491998Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L CVSS Calculator
- Summary
- Improper Neutralization of Special Elements used in an LDAP Query in stevenweathers/thunderdome-planning-poker
- Details
-
Impact
LDAP injection vulnerability, only affects instances with LDAP authentication enabled.
Patches
Patch for vulnerability released with v1.16.3.
Workarounds
Disable LDAP feature if in use
References
OWASP LDAP Injection Prevention Cheat Sheet
For more information
If you have any questions or comments about this advisory: * Open an issue in Thunderdome Github Repository * Email us at steven@weathers.me
- Database specific
{ "nvd_published_at": "2021-11-02T18:15:00Z", "cwe_ids": [ "CWE-116", "CWE-74", "CWE-90" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2021-11-02T18:40:07Z" }- References
-
- https://github.com/StevenWeathers/thunderdome-planning-poker/security/advisories/GHSA-26cm-qrc6-mfgj
- https://nvd.nist.gov/vuln/detail/CVE-2021-41232
- https://github.com/github/securitylab/issues/464#issuecomment-957094994
- https://github.com/StevenWeathers/thunderdome-planning-poker/commit/f1524d01e8a0f2d6c3db5461c742456c692dd8c1
- https://github.com/StevenWeathers/thunderdome-planning-poker
Affected packages
Go / github.com/stevenweathers/thunderdome-planning-poker
Package
- Name
- github.com/stevenweathers/thunderdome-planning-poker
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/stevenweathers/thunderdome-planning-poker