nginxinc / nginx-ldap-auth

Example of LDAP authentication using ngx_http_auth_request_module
BSD 2-Clause "Simplified" License

nginx.com reports a security vulnerability: Addressing Security Weaknesses in the NGINX LDAP Reference Implementation #102

Closed chemsky closed 1 year ago

chemsky commented 1 year ago

Addressing Security Weaknesses in the NGINX LDAP Reference Implementation https://www.nginx.com/blog/addressing-security-weaknesses-nginx-ldap-reference-implementation/

On 9 April 2022, security vulnerabilities in the NGINX LDAP reference implementation were publicly shared. We have determined that only the reference implementation is affected. NGINX Open Source and NGINX Plus are not themselves affected, and no corrective action is necessary if you do not use the reference implementation. ...

Does the community have a plan for this issue? Thanks

tippexs commented 1 year ago

Hi @chemsky, the steps to mitigate this vulnerability are outlined in the blog post you just shared.

The missing input validation on the list of groups that made the implementation vulnerable to LDAP Query Injection was fixed with commit c0a43f4800aa4c32c3fdc33a6cc216d2f569c582.

Let us know if you have any more questions about it.
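Added example, not part of this thread and not the code from the commit mentioned above: one way to validate a list of groups before it is placed in an LDAP search filter, by escaping each value per RFC 4515. The function names, the `;` separator, the `uid`/`memberOf` attributes and the sample values are assumptions made for illustration.

```python
# Added example: RFC 4515 escaping for values placed in an LDAP search filter.
# All names, attributes and sample values below are assumptions, not project code.

_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape the characters RFC 4515 reserves inside a filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def parse_group_list(raw: str, sep: str = ";") -> list:
    """Split a separator-delimited group list, dropping empty entries."""
    groups = [g.strip() for g in raw.split(sep)]
    return [g for g in groups if g]


def build_group_filter(user: str, groups: list) -> str:
    """Return a filter matching `user` only if it belongs to one of `groups`.

    Every externally supplied value is escaped, so it is only ever compared
    as data and cannot add or close filter clauses.
    """
    if not groups:
        raise ValueError("at least one group is required")
    user_clause = f"(uid={escape_filter_value(user)})"
    group_clauses = "".join(
        f"(memberOf={escape_filter_value(g)})" for g in groups
    )
    return f"(&{user_clause}(|{group_clauses}))"


if __name__ == "__main__":
    # Constructed sample input: the second group name contains reserved characters.
    raw = "cn=admins,dc=example,dc=com; cn=ops (eu)*"
    print(build_group_filter("alice", parse_group_list(raw)))
```

With python-ldap, `ldap.filter.escape_filter_chars` performs the same escaping and can replace the hand-written helper.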

chemsky commented 1 year ago

thanks