nginxinc/nginx-ldap-auth

nginx.com reports a security vulnerability: Addressing Security Weaknesses in the NGINX LDAP Reference Implementation

chemsky opened this issue · 2 comments

Addressing Security Weaknesses in the NGINX LDAP Reference Implementation
https://www.nginx.com/blog/addressing-security-weaknesses-nginx-ldap-reference-implementation/

On 9 April 2022, security vulnerabilities in the NGINX LDAP reference implementation were publicly shared. We have determined that only the reference implementation is affected. NGINX Open Source and NGINX Plus are not themselves affected, and no corrective action is necessary if you do not use the reference implementation.
...

Does the community have a plan for this issue? Thanks.

Hi @chemsky, the steps to mitigate this vulnerability are outlined in the blog post you just shared.

The missing input validation on the list of groups that made the implementation vulnerable to LDAP Query Injection was fixed with commit c0a43f4.

Let us know if you have any more questions about it.
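An added example, not part of the thread and not the contents of commit c0a43f4: one way to validate a list of group DNs and escape values per RFC 4515 before they are placed in an LDAP search filter. The function names, the `uid` and `memberOf` attributes, and the allow-list pattern are assumptions made for illustration.

```python
# Added illustration; not code from nginx-ldap-auth or from commit c0a43f4.
import re

# RFC 4515: these characters must be written as \XX inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29",
                   "\x00": r"\00"}

# Assumed policy: a conservative allow-list for group DNs such as
# cn=admins,ou=groups,dc=example,dc=com. Anything else is rejected outright.
_RDN = r"[A-Za-z]+=[A-Za-z0-9 _.-]+"
_GROUP_DN = re.compile(rf"{_RDN}(?:,{_RDN})*")


def escape_filter_value(value: str) -> str:
    """Escape a string so it can only act as a literal value in a filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def validate_groups(groups):
    """Return the groups unchanged, or raise if any entry fails the allow-list."""
    checked = list(groups)
    if not checked:
        raise ValueError("at least one group is required")
    for dn in checked:
        if len(dn) > 255 or not _GROUP_DN.fullmatch(dn):
            raise ValueError(f"rejected group DN: {dn!r}")
    return checked


def build_group_filter(username: str, groups, attr: str = "memberOf") -> str:
    """Build (&(uid=<user>)(|(<attr>=<dn1>)(<attr>=<dn2>)...))."""
    members = "".join(
        f"({attr}={escape_filter_value(dn)})" for dn in validate_groups(groups)
    )
    return f"(&(uid={escape_filter_value(username)})(|{members}))"


if __name__ == "__main__":
    # Constructed sample inputs.
    dns = ["cn=admins,ou=groups,dc=example,dc=com"]
    print(build_group_filter("alice", dns))
    print(build_group_filter("a*b", dns))  # metacharacter stays a literal
    try:
        build_group_filter("alice", ["cn=admins)(uid=x"])
    except ValueError as exc:
        print("blocked:", exc)
```

Validation and escaping are applied together here: the allow-list rejects malformed group entries early, and escaping keeps any remaining value from changing the filter's structure.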

Thanks