CodeAnt AI home pagelight logodark logo
  • Support
  • Dashboard
  • Dashboard
Documentation
API Reference
Start Here
  • What is CodeAnt?
  • Join Community
Setup
  • Github
  • Bitbucket
  • Gitlab
  • Azure Devops
Pull Request Review
  • Features
  • Customize Review
  • Quality Gates
  • Integrations
Scan center
  • Code Security
  • Code Quality
  • Cloud Security
  • Engineering Productivity
Integrations
  • Jira
  • Test Coverage
  • CI/CD
IDE
  • Setup
  • Review
  • Enhancements
Rule Reference
  • Compliance
  • Anti-Patterns
  • Code Governance
  • Infrastructure Security Database
  • Application Security Database
    • Apex
    • Bash
    • C
    • Clojure
    • Cpp
    • Csharp
    • Dockerfile
    • Elixir
    • Fingerprints
    • Generic
    • Go
    • Html
    • Java
      • Android
      • Aws-lambda
      • Castor
      • Java-jwt
      • Jax-rs
      • Jboss
      • Jdo
      • Jedis
      • Jjwt
      • Jsch
      • Kryo
      • Lang
      • Micronaut
      • Mongo
      • Mongodb
      • Mysql
      • Okhttp
      • Rmi
      • Servlets
        • Security
        • Security
          • Audit
          • Castor-deserialization-deepsemgrep
          • Crlf-injection-logs-deepsemgrep
          • Crlf-injection-logs
          • Httpservlet-path-traversal-deepsemgrep
          • Httpservlet-path-traversal
          • Kryo-deserialization-deepsemgrep
          • No-direct-response-writer-deepsemgrep
          • No-direct-response-writer
          • Nosql-injection-servlets
          • Objectinputstream-deserialization-servlets
          • Servletresponse-writer-xss-deepsemgrep
          • Servletresponse-writer-xss
          • Tainted-cmd-from-http-request-deepsemgrep
          • Tainted-cmd-from-http-request
          • Tainted-code-injection-from-http-request-deepsemgrep
          • Tainted-code-injection-from-http-request
          • Tainted-ldapi-from-http-request-deepsemgrep
            • Tainted ldapi from http request
          • Tainted-ldapi-from-http-request
          • Tainted-session-from-http-request-deepsemgrep
          • Tainted-session-from-http-request
          • Tainted-sql-from-http-request-deepsemgrep
          • Tainted-sql-from-http-request
          • Tainted-ssrf-deepsemgrep-add
          • Tainted-ssrf-deepsemgrep-format
          • Tainted-ssrf-deepsemgrep
          • Tainted-ssrf
          • Tainted-xml-decoder-deepsemgrep
          • Tainted-xml-decoder
          • Tainted-xpath-from-http-request-deepsemgrep
          • Tainted-xpath-from-http-request
          • Xstream-anytype-deserialization-deepsemgrep
          • Xxe
      • Spring
      • Thymeleaf
      • Xstream
    • Javascript
    • Json
    • Kotlin
    • Ocaml
    • Php
    • Problem-based-packs
    • Python
    • Ruby
    • Rust
    • Scala
    • Solidity
    • Swift
    • Terraform
    • Typescript
    • Yaml
Resources
  • Open Source
  • Blogs
Tainted-ldapi-from-http-request-deepsemgrep

Tainted ldapi from http request

tainted-ldapi-from-http-request

Detected input from a HTTPServletRequest going into an LDAP query. This could lead to LDAP injection if the input is not properly santized, which could result in attackers modifying objects in the LDAP tree structure. Ensure data passed to an LDAP query is not controllable or properly sanitize the data.
Likelihood: HIGH
Confidence: HIGH
CWE:
- CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (‘LDAP Injection’)
OWASP:
- A01:2017 - Injection
- A03:2021 - Injection
Tainted code injection from http requestTainted ldapi from http request
twitterlinkedin
Powered by Mintlify
Assistant
Responses are generated using AI and may contain mistakes.