- Risk: low
- CVSS v3 Base Score: 4.1
- CVSS v3 Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
- CWE ID: CWE-918
- CWE Name: Server-Side Request Forgery (SSRF)
- CVE: CVE-2021-40537
Description
Server-Side Request Forgery (SSRF) vulnerability in the settings of the user_ldap app. The administrator role is necessary for exploitation.
Affected
- user_ldap < 0.15.4
Action taken
Filter invalid characters from the user_ldap settings.