VYPR

PyPI package

lemur

pkg:pypi/lemur

Vulnerabilities (4)

  • CVE-2026-44305 | Med | May 12, 2026
    affected < 1.9.0 | fixed 1.9.0

    Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled (LDAP_USE_TLS = True), Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned be

  • CVE-2026-44304 | Hig | May 12, 2026
    affected < 1.9.0 | fixed 1.9.0

    Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module (lemur/auth/ldap.py) constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through th

  • CVE-2023-30797 | Apr 19, 2023
    affected < 1.3.2 | fixed 1.3.2

    Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.

  • CVE-2015-7764 | Hig | Aug 9, 2017
    affected < 0.1.5 | fixed 0.1.5

    Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode.