[ 
https://issues.apache.org/jira/browse/GEODE-10590?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jinwoo Hwang updated GEODE-10590:
---------------------------------
    Description: 
Remediation of CVE-2026-0636
LDAP Injection via the `parseDN` handling and the LDAP store helpers in 
`X509LDAPCertStoreSpi` and `LDAPStoreHelper`. An attacker can influence LDAP 
search filters by supplying a crafted X.500 subject or issuer string that is 
parsed into an unescaped filter value. This lets the attacker alter the 
directory query used to locate certificates and CRLs, causing the application 
to retrieve incorrect LDAP entries or fail to find the intended ones, which can 
break certificate validation and revocation checks

  was:Remediation of CVE-2026-0636


> Remediation of CVE-2026-0636
> ----------------------------
>
>                 Key: GEODE-10590
>                 URL: https://issues.apache.org/jira/browse/GEODE-10590
>             Project: Geode
>          Issue Type: Improvement
>            Reporter: Jinwoo Hwang
>            Assignee: Jinwoo Hwang
>            Priority: Major
>
> Remediation of CVE-2026-0636
> LDAP Injection via the `parseDN` handling and the LDAP store helpers in 
> `X509LDAPCertStoreSpi` and `LDAPStoreHelper`. An attacker can influence LDAP 
> search filters by supplying a crafted X.500 subject or issuer string that is 
> parsed into an unescaped filter value. This lets the attacker alter the 
> directory query used to locate certificates and CRLs, causing the application 
> to retrieve incorrect LDAP entries or fail to find the intended ones, which 
> can break certificate validation and revocation checks



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to