Vulnerability Information
Vulnerability Title
Improper Neutralization of Special Elements used in an LDAP Query
Vulnerability Description
Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authentication enabled. The provided username is not properly escaped. This issue has been patched in version 1.16.3. If users are unable to update they should disable the LDAP feature if in use.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L
Vulnerability Type
Improper Neutralization of Special Elements used in an LDAP Query (LDAP Injection)
Vulnerability Title
Thunderdome Injection Vulnerability
Vulnerability Description
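Thunderdome is an open source agile planning poker application with a fun theme, developed by Steven Weathers, an individual developer in the United States. Thunderdome contains an injection vulnerability caused by the LDAP authentication feature not properly escaping the provided username. This issue has been fixed in version 1.16.3.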
CVSS Information
N/A
Vulnerability Type
N/A
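The flaw class described above (a username placed into an LDAP search filter without escaping) and its mitigation, shown as an added example that is not Thunderdome's code or its patch. The filter layout, function names and sample usernames are assumptions constructed for illustration; the escaping follows RFC 4515.

```go
package main

import (
	"fmt"
	"strings"
)

// escapeFilterValue encodes the characters RFC 4515 reserves inside a filter
// assertion value (NUL, '(', ')', '*', '\') as a backslash plus two hex digits.
func escapeFilterValue(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		switch c := v[i]; c {
		case 0, '(', ')', '*', '\\':
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c) // other bytes, including UTF-8 sequences, pass through
		}
	}
	return b.String()
}

// buildFilterUnsafe concatenates the username as-is: metacharacters in the
// input become part of the filter syntax (the pattern behind this bug class).
func buildFilterUnsafe(username string) string {
	return "(&(objectClass=person)(uid=" + username + "))" // hypothetical filter
}

// buildFilterSafe escapes first, so the username is always one literal value.
func buildFilterSafe(username string) string {
	return "(&(objectClass=person)(uid=" + escapeFilterValue(username) + "))"
}

func main() {
	// Constructed sample usernames: one benign, three with filter metacharacters.
	for _, u := range []string{"alice", "a*", "x)(cn=y", `b\c`} {
		fmt.Printf("input  %q\n", u)
		fmt.Printf("  unsafe %s\n", buildFilterUnsafe(u))
		fmt.Printf("  safe   %s\n", buildFilterSafe(u))
	}
}
```

In production code a maintained routine such as `ldap.EscapeFilter` from `github.com/go-ldap/ldap/v3` is preferable to a hand-rolled escaper.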