pyramid-ldap3@0.3.1 vulnerabilities

pyramid_ldap3

  • latest version

    0.5

  • latest non vulnerable version

  • first published

    10 years ago

  • latest version published

    3 years ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the pyramid-ldap3 package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Authentication Bypass

    pyramid-ldap3 is a project that provides LDAP authentication services for Pyramid application.

    Affected versions of this package are vulnerable to Authentication Bypass. The login value in the search filter wasn't properly escaped in the authenticate() method. In earlier versions it was possible login with a different user name like foo* instead of foobar.

    How to fix Authentication Bypass?

    Upgrade pyramid-ldap3 to version 0.3.2 or higher.

    [,0.3.2)