VYPR
High severityNVD Advisory· Published Nov 2, 2021· Updated Aug 4, 2024

Improper Neutralization of Special Elements used in an LDAP Query

CVE-2021-41232

Description

Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authentication enabled. The provided username is not properly escaped. This issue has been patched in version 1.16.3. If users are unable to update they should disable the LDAP feature if in use.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/stevenweathers/thunderdome-planning-pokerGo
< 1.16.31.16.3

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.