Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Android
- Aws-lambda
- Castor
- Java-jwt
- Jax-rs
- Jboss
- Jdo
- Jedis
- Jjwt
- Jsch
- Kryo
- Lang
- Micronaut
- Mongo
- Mongodb
- Mysql
- Okhttp
- Rmi
- Servlets
- Spring
- Log-http-headers
- Security
- Security
- Audit
- Audit
- Castor-deserialization-deepsemgrep
- Hibernate-sqli
- Injection
- Jdbctemplate-sqli
- Jdo-sqli
- Jpa-sqli
- Kryo-deserialization-deepsemgrep
- Objectinputstream-deserialization-spring
- Spring-sqli-deepsemgrep
- Spring-tainted-code-execution
- Spring-tainted-ldap-injection
- Spring-tainted-xmldecoder
- Tainted-ssrf-spring-add
- Tainted-ssrf-spring-format
- Xstream-anytype-deserialization-deepsemgrep
- Xxe
- Simple-command-injection-direct-input
- Spring-tainted-path-traversal
- Tainted-html-string-responsebody
- Thymeleaf
- Xstream
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml
Spring-tainted-ldap-injection
Spring tainted ldap injection
Untrusted input might be used to build an LDAP query, which can allow attackers to run arbitrary LDAP queries. If an LDAP query must contain untrusted input then it must be escaped. Ensure data passed to an LDAP query is not controllable or properly sanitize the user input with functions like createEqualityFilter.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (‘LDAP Injection’)
OWASP:
- A01:2017 - Injection
- A03:2021 - Injection