Title: [Python] CWE-090: LDAP Injection · Issue #319 · github/securitylab · GitHub
Open Graph Title: [Python] CWE-090: LDAP Injection · Issue #319 · github/securitylab
X Title: [Python] CWE-090: LDAP Injection · Issue #319 · github/securitylab
Description: Query github/codeql#5443 Report Constructing LDAP names or search filters directly from tainted data enables attackers to inject specially crafted values that changes the initial meaning of the name or filter itself. Successful LDAP inje...
Open Graph Description: Query github/codeql#5443 Report Constructing LDAP names or search filters directly from tainted data enables attackers to inject specially crafted values that changes the initial meaning of the nam...
X Description: Query github/codeql#5443 Report Constructing LDAP names or search filters directly from tainted data enables attackers to inject specially crafted values that changes the initial meaning of the nam...
Opengraph URL: https://github.com/github/securitylab/issues/319
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"[Python] CWE-090: LDAP Injection ","articleBody":"## Query\r\n\r\nhttps://github.com/github/codeql/pull/5443\r\n\r\n## Report\r\n\r\nConstructing LDAP names or search filters directly from tainted data enables attackers to inject specially crafted values that changes the initial meaning of the name or filter itself. Successful LDAP injections attacks can read, modify or delete sensitive information from the directory service.\r\n\r\nThis query identifies cases in which a LDAP query executes user-provided input without being sanitized before.\r\n\r\n- [x] Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc). *We would love to have you spread the word about the good work you are doing*\r\n\r\n## Result(s)\r\n\r\n- PRs providing fix:\r\n- - https://github.com/cernanalysispreservation/analysispreservation.cern.ch/pull/2180\r\n- - https://github.com/UCL-INGI/INGInious/pull/662\r\n- - https://github.com/LibrIT/passhport/pull/562\r\n- - https://github.com/getredash/redash/pull/5441\r\n- - https://github.com/abcdabcd987/lxc-gpu/pull/4\r\n","author":{"url":"https://github.com/jorgectf","@type":"Person","name":"jorgectf"},"datePublished":"2021-03-18T16:33:26.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":6},"url":"https://github.com/319/securitylab/issues/319"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:82d2b0fa-75ae-a237-5ddc-b5b3ef3d0235 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | 8474:19F979:25F1868:35D13EC:6A4CE963 |
| html-safe-nonce | 4481ec5de7060b1b821e274aae76143ed1408480e270692a57e0d6d5e182328c |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI4NDc0OjE5Rjk3OToyNUYxODY4OjM1RDEzRUM6NkE0Q0U5NjMiLCJ2aXNpdG9yX2lkIjoiNzI5MzI5MDQ3ODI5MTQ0NjExNSIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | 52c34699213d018c2d18fefcc16b55d9cb61b3655c12891095878f18895628d6 |
| hovercard-subject-tag | issue:835026684 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/github/securitylab/319/issue_layout |
| twitter:image | https://opengraph.githubassets.com/1cbe1bacb72c48bcc0ee0e4620ad242a8d0aaf89c92fd294d96eea5ac8c2e41b/github/securitylab/issues/319 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/1cbe1bacb72c48bcc0ee0e4620ad242a8d0aaf89c92fd294d96eea5ac8c2e41b/github/securitylab/issues/319 |
| og:image:alt | Query github/codeql#5443 Report Constructing LDAP names or search filters directly from tainted data enables attackers to inject specially crafted values that changes the initial meaning of the nam... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | jorgectf |
| hostname | github.com |
| expected-hostname | github.com |
| None | 299b43bca6e02ad35197ffeba30d2466846d5fb02ab96fbced5b5e6cec589fb8 |
| turbo-cache-control | no-preview |
| go-import | github.com/github/securitylab git https://github.com/github/securitylab.git |
| octolytics-dimension-user_id | 9919 |
| octolytics-dimension-user_login | github |
| octolytics-dimension-repository_id | 221101274 |
| octolytics-dimension-repository_nwo | github/securitylab |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 221101274 |
| octolytics-dimension-repository_network_root_nwo | github/securitylab |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | c5a57f04eeb310f57c73fd6d751d957e2ca27ed2 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width