The LDAP directory connector in Atlassian Crowd prior to 2.8.8 and 2.9.x prior to 2.9.5 allows remote malicious users to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
atlassian crowd |
||
atlassian crowd 2.9.0 |
||
atlassian crowd 2.9.1 |