
Spring tainted LDAP injection

spring-tainted-ldap-injection

Untrusted input might be used to build an LDAP query, which can allow attackers to run arbitrary LDAP queries. If an LDAP query must contain untrusted input, that input must be escaped. Ensure that data passed to an LDAP query is not user-controllable, or properly sanitize the user input with functions like createEqualityFilter.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (‘LDAP Injection’)
OWASP:
- A01:2017 - Injection
- A03:2021 - Injection
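
The flagged pattern beside its corrected form, as an added example that is not CodeAnt's or Spring's own code. The class name, method names, attribute names and sample inputs are assumptions made here, and the hand-written RFC 4515 escaper stands in for a library function such as the createEqualityFilter the rule mentions.

```java
public class LdapFilterEscapeExample {

    // Escape an assertion value per RFC 4515 so filter metacharacters
    // are interpreted as literal data rather than filter syntax.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Flagged pattern: request data concatenated straight into the filter.
    static String unsafeFilter(String username) {
        return "(&(objectClass=person)(uid=" + username + "))";
    }

    // Corrected pattern: the value is escaped before it reaches the filter.
    static String safeFilter(String username) {
        return "(&(objectClass=person)(uid=" + escapeFilterValue(username) + "))";
    }

    public static void main(String[] args) {
        // Constructed sample inputs, standing in for a Spring request parameter.
        String[] samples = { "jdoe", "*", "jdoe)(mail=*" };
        for (String s : samples) {
            System.out.println("input : " + s);
            System.out.println("unsafe: " + unsafeFilter(s));
            System.out.println("safe  : " + safeFilter(s));
        }
    }
}
```

For an ordinary username both filters are identical; they differ only when the input contains filter syntax, which is the case the rule is written to catch.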
