CVE-2020-24660, GHSA-x44x-r84w-8v67
npm/lemonldap-ng-handler
Direct Request (Forced Browsing)
An issue was discovered in LemonLDAP::NG
when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI.
All versions up to 0.5.2
Unfortunately, there is no solution available yet.
2020-09-21
source |