When access rules are used inside a protected host, some URL encodings may bypass the filtering system.
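A generic illustration of this class of issue, added here and not taken from LemonLDAP::NG or its patch: the same rule table gives different decisions depending on whether it is matched against the raw request URI or against a canonical path. The rule table, function names and sample URIs are constructed, and the example assumes the protected application percent-decodes the path once.

```javascript
// Constructed rule table (first match wins); not LemonLDAP::NG configuration.
const RULES = [
  { pattern: /^\/admin(\/|$)/, allow: (user) => user.groups.includes('admins') },
  { pattern: /^\//, allow: () => true }, // default: any authenticated user
];

// Canonical path to match rules on, or null if it cannot be trusted.
// Assumption: the protected application percent-decodes the path once.
function canonicalPath(rawUri) {
  const rawPath = rawUri.split(/[?#]/, 1)[0];
  let path;
  try {
    path = decodeURIComponent(rawPath);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  // Fail closed on residual encoding (double-encoded input), NUL or backslash.
  if (/%[0-9a-fA-F]{2}/.test(path) || /[\0\\]/.test(path)) return null;
  const out = [];
  for (const seg of path.split('/')) { // resolve "." / ".." and empty segments
    if (seg === '' || seg === '.') continue;
    if (seg === '..') out.pop();
    else out.push(seg);
  }
  return '/' + out.join('/');
}

function decide(path, user) {
  if (path === null) return 'reject';
  const rule = RULES.find((r) => r.pattern.test(path));
  return rule && rule.allow(user) ? 'allow' : 'deny';
}

// Weak form: rules see the raw URI. Hardened form: rules see the canonical path.
const checkRaw = (uri, user) => decide(uri.split(/[?#]/, 1)[0], user);
const checkCanonical = (uri, user) => decide(canonicalPath(uri), user);

// Constructed sample requests from a user who is not in "admins".
const sampleUser = { groups: ['users'] };
for (const uri of ['/admin/users', '/%61dmin/users', '/%2561dmin', '/public/doc?x=%61']) {
  console.log(uri, 'raw:', checkRaw(uri, sampleUser), 'canonical:', checkCanonical(uri, sampleUser));
}
```

The raw check allows the encoded form of a path it denies in plain form, while the canonical check denies both and rejects input that still carries encoding after one decode.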
Version 0.5.2 includes a patch that fixes the vulnerability.
There is no way for users to fix or remediate the vulnerability without upgrading.
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2290
If you have any questions or comments about this advisory:
* Open an issue in this repository or LemonLDAP::NG GitLab
* Email us at lemonldap-ng-users@ow2.org
{
"cwe_ids": [
"CWE-287"
],
"github_reviewed": true,
"github_reviewed_at": "2020-09-09T18:42:35Z",
"nvd_published_at": null,
"severity": "MODERATE"
}