Skip to main content

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

CVE-2022-45046

Severity High
Score 9.8/10

Summary

The camel-ldap component allows LDAP Injection in versions 3.0.x prior to 3.14.6, 3.15.x prior to 3.18.4 when using the filter option. Users are recommended to either move to the Camel-Spring-Ldap component (which is not affected).

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

The software constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.

Advisory Timeline

  • Published