[
https://issues.apache.org/jira/browse/GEODE-10590?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jinwoo Hwang updated GEODE-10590:
---------------------------------
Summary: Remediation of CVE-2026-34480 (was: Remediation of CVE-2026-0636)
> Remediation of CVE-2026-34480
> -----------------------------
>
> Key: GEODE-10590
> URL: https://issues.apache.org/jira/browse/GEODE-10590
> Project: Geode
> Issue Type: Improvement
> Reporter: Jinwoo Hwang
> Assignee: Jinwoo Hwang
> Priority: Major
>
> Remediation of CVE-2026-0636
> LDAP Injection via the `parseDN` handling and the LDAP store helpers in
> `X509LDAPCertStoreSpi` and `LDAPStoreHelper`. An attacker can influence LDAP
> search filters by supplying a crafted X.500 subject or issuer string that is
> parsed into an unescaped filter value. This lets the attacker alter the
> directory query used to locate certificates and CRLs, causing the application
> to retrieve incorrect LDAP entries or fail to find the intended ones, which
> can break certificate validation and revocation checks
--
This message was sent by Atlassian Jira
(v8.20.10#820010)