CodeAnt AI home pagelight logodark logo
  • Support
  • Dashboard
  • Dashboard
Documentation
API Reference
Start Here
  • What is CodeAnt?
  • Join Community
Setup
  • Github
  • Bitbucket
  • Gitlab
  • Azure Devops
Pull Request Review
  • Features
  • Customize Review
  • Quality Gates
  • Integrations
Scan center
  • Code Security
  • Code Quality
  • Cloud Security
  • Engineering Productivity
Integrations
  • Jira
  • Test Coverage
  • CI/CD
IDE
  • Setup
  • Review
  • Enhancements
Rule Reference
  • Compliance
  • Anti-Patterns
  • Code Governance
  • Infrastructure Security Database
  • Application Security Database
    • Apex
    • Bash
    • C
    • Clojure
    • Cpp
    • Csharp
    • Dockerfile
    • Elixir
    • Fingerprints
    • Generic
    • Go
    • Html
    • Java
      • Android
      • Aws-lambda
      • Castor
      • Java-jwt
      • Jax-rs
      • Jboss
      • Jdo
      • Jedis
      • Jjwt
      • Jsch
      • Kryo
      • Lang
      • Micronaut
      • Mongo
      • Mongodb
      • Mysql
      • Okhttp
      • Rmi
      • Servlets
        • Security
        • Security
          • Audit
          • Castor-deserialization-deepsemgrep
          • Crlf-injection-logs-deepsemgrep
          • Crlf-injection-logs
          • Httpservlet-path-traversal-deepsemgrep
          • Httpservlet-path-traversal
          • Kryo-deserialization-deepsemgrep
          • No-direct-response-writer-deepsemgrep
          • No-direct-response-writer
          • Nosql-injection-servlets
          • Objectinputstream-deserialization-servlets
          • Servletresponse-writer-xss-deepsemgrep
          • Servletresponse-writer-xss
          • Tainted-cmd-from-http-request-deepsemgrep
          • Tainted-cmd-from-http-request
          • Tainted-code-injection-from-http-request-deepsemgrep
          • Tainted-code-injection-from-http-request
          • Tainted-ldapi-from-http-request-deepsemgrep
          • Tainted-ldapi-from-http-request
            • Tainted ldapi from http request
          • Tainted-session-from-http-request-deepsemgrep
          • Tainted-session-from-http-request
          • Tainted-sql-from-http-request-deepsemgrep
          • Tainted-sql-from-http-request
          • Tainted-ssrf-deepsemgrep-add
          • Tainted-ssrf-deepsemgrep-format
          • Tainted-ssrf-deepsemgrep
          • Tainted-ssrf
          • Tainted-xml-decoder-deepsemgrep
          • Tainted-xml-decoder
          • Tainted-xpath-from-http-request-deepsemgrep
          • Tainted-xpath-from-http-request
          • Xstream-anytype-deserialization-deepsemgrep
          • Xxe
      • Spring
      • Thymeleaf
      • Xstream
    • Javascript
    • Json
    • Kotlin
    • Ocaml
    • Php
    • Problem-based-packs
    • Python
    • Ruby
    • Rust
    • Scala
    • Solidity
    • Swift
    • Terraform
    • Typescript
    • Yaml
Resources
  • Open Source
  • Blogs
Tainted-ldapi-from-http-request

Tainted ldapi from http request

tainted-ldapi-from-http-request

Detected input from a HTTPServletRequest going into an LDAP query. This could lead to LDAP injection if the input is not properly santized, which could result in attackers modifying objects in the LDAP tree structure. Ensure data passed to an LDAP query is not controllable or properly sanitize the data.
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (‘LDAP Injection’)
OWASP:
- A01:2017 - Injection
- A03:2021 - Injection
Tainted ldapi from http requestTainted session from http request deepsemgrep
twitterlinkedin
Powered by Mintlify
Assistant
Responses are generated using AI and may contain mistakes.