Jinwoo Hwang created GEODE-10592:
------------------------------------

             Summary: Remediation of CVE-2026-40984
                 Key: GEODE-10592
                 URL: https://issues.apache.org/jira/browse/GEODE-10592
             Project: Geode
          Issue Type: Improvement
            Reporter: Jinwoo Hwang
            Assignee: Jinwoo Hwang


Affected versions of this package are vulnerable to LDAP Injection in the 
`DefaultLdapRealm` class. An attacker can bypass authentication or impersonate 
other users by injecting LDAP special characters into the Distinguished Name 
(DN) construction during LDAP bind authentication.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to