Richard N. Hillegas created DERBY-7147: ------------------------------------------
Summary: LDAP injection vulnerability in LDAPAuthenticationImpl Key: DERBY-7147 URL: https://issues.apache.org/jira/browse/DERBY-7147 Project: Derby Issue Type: Bug Components: JDBC Affects Versions: 10.16.1.1 Reporter: Richard N. Hillegas Assignee: Richard N. Hillegas An LDAP injection vulnerability has been identified in LDAPAuthenticationSchemeImpl.getDNFromUID(). An exploit has not been provided, but there is a possibility that an intruder could bypass authentication checks in Derby-powered applications which rely on external LDAP servers. For more information on LDAP injection, see https://www.synopsys.com/glossary/what-is-ldap-injection.html -- This message was sent by Atlassian Jira (v8.20.10#820010)