CVE-2020-24660

Direct Request (Forced Browsing) in npm/lemonldap-ng-handler

Identifiers

CVE-2020-24660, GHSA-x44x-r84w-8v67

Package Slug

npm/lemonldap-ng-handler

Vulnerability

Direct Request (Forced Browsing)

Description

An issue was discovered in LemonLDAP::NG when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI.

Affected Versions

All versions up to 0.5.2

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-09-21
