CVE-2021-43350: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
(updated )
An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.
References
Detect and mitigate CVE-2021-43350 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →