High severityNVD Advisory· Published Nov 2, 2021· Updated Aug 4, 2024
Improper Neutralization of Special Elements used in an LDAP Query
CVE-2021-41232
Description
Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authentication enabled. The provided username is not properly escaped. This issue has been patched in version 1.16.3. If users are unable to update they should disable the LDAP feature if in use.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/stevenweathers/thunderdome-planning-pokerGo | < 1.16.3 | 1.16.3 |
Affected products
2- Range: < 2.0.0
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-26cm-qrc6-mfgjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-41232ghsaADVISORY
- github.com/StevenWeathers/thunderdome-planning-poker/commit/f1524d01e8a0f2d6c3db5461c742456c692dd8c1ghsax_refsource_MISCWEB
- github.com/StevenWeathers/thunderdome-planning-poker/security/advisories/GHSA-26cm-qrc6-mfgjghsax_refsource_CONFIRMWEB
- github.com/github/securitylab/issues/464ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.