CVE-2015-7294: LDAP Injection

September 6, 2017 (updated September 11, 2017)

The library is vulnerable to LDAP injection through the “username” parameter.

References

github.com/vesse/node-ldapauth-fork/commit/3feea43e243698bcaeffa904a7324f4d96df60e4
github.com/vesse/node-ldapauth-fork/issues/21

Code Behaviors & Features

Detect and mitigate CVE-2015-7294 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →