When access rules are used inside a protected host, some URL encodings may bypass filtering system.
Version 0.5.2 includes a patch that fixes the vulnerability
No way for users to fix or remediate the vulnerability without upgrading
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2290
If you have any questions or comments about this advisory: * Open an issue in this repository or LemonLDAP::NG GitLab * Email us at lemonldap-ng-users@ow2.org
{ "nvd_published_at": null, "github_reviewed_at": "2020-09-09T18:42:35Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-287" ] }