CNNVD-202509-2821 Information
CNNVD ID
CNNVD-202509-2821
Related CVE
- CNNVD Published: 2025-09-17
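Description (translated from Chinese)
LemonLDAP::NG is an open-source web single sign-on and access management software from LemonLDAP::NG. LemonLDAP::NG versions before 2.16.7 and versions 2.17 up to but not including 2.21.3 contain an operating system command injection vulnerability. The vulnerability stems from the Safe jail not being localized during rule evaluation, which may lead to OS command injection attacks.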
Description (English)
LemonLDAP::NG is open-source web single sign-on and access management software from LemonLDAP::NG. LemonLDAP::NG before 2.16.7, and 2.17 through versions before 2.21.3, has an OS command injection vulnerability. It originates from the Safe jail not being localized during rule evaluation, which could lead to an OS command injection attack.
Hazard Level
Medium
Vulnerability Type
OS command injection
Affected Vendor
LemonLDAP::NG
Published
2025-09-17
Last Modified
2026-02-24
References
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/228d01945d48015f3f9ea8a8dc64d7e6a27750e9
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/3462
Patch
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/releases