Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username.
Advisories for Npm/Ldapauth package
2020
2015
LDAP Injection
This library is vulnerable to LDAP injection through the "username" parameter.