N/A

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.

N/A

N/A

Bouncy Castle 信任管理问题漏洞

Bouncy Castle是Bouncy Castle组织的密码学中使用的API集合。它包括适用于Java和C#编程语言的API 。 Bouncy Castle For Java 1.74之前版本存在安全漏洞，该漏洞源于在将证书的Subject Name插入到搜索过滤器时没有进行转义，导致存LDAP注入漏洞。

N/A

N/A