Untrusted input might be used to build an LDAP query, which can allow attackers to run arbitrary LDAP queries. If an LDAP query must contain untrusted input then it must be escaped. Likelihood: MEDIUM Confidence: HIGH CWE: - CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (‘LDAP Injection’)
OWASP: - A01:2017 - Injection
- A03:2021 - Injection