CNNVD-202510-1400 Information
CNNVD ID
CNNVD-202510-1400
Related CVE
- CNNVD Published: 2025-10-10
Description (Chinese)
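python-ldap is an LDAP client API for Python from the Python Foundation. Versions of python-ldap before 3.4.5 contain a security vulnerability: the ldap.filter.escape_filter_chars method does not correctly handle an assertion_value parameter of type list or dict when escape_mode=1, which may lead to LDAP injection attacks.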
Description (English)
python-ldap is an LDAP client API for Python from the Python Foundation. Versions of python-ldap before 3.4.5 contain a security vulnerability in the ldap.filter.escape_filter_chars method, which does not properly handle list or dict type assertion_value parameters when escape_mode=1.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Python
Published
2025-10-10
Last Modified
2026-02-24
References
https://github.com/python-ldap/python-ldap/commit/3957526fb1852e84b90f423d9fef34c7af25b85a
https://github.com/python-ldap/python-ldap/releases/tag/python-ldap-3.4.5
https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r7r6-cc7p-4v5m
https://vigilance.fr/vulnerability/python-ldap-ingress-filtrering-bypass-via-escape-filter-chars-48529
https://access.redhat.com/security/cve/cve-2025-61911
Patch
https://github.com/python-ldap/python-ldap/releases