JetBrains Ktor framework prior to 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.
jetbrains ktor