LemonLDAP::NG prior to 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. By default, the notification server is not enabled and has a "deny all" rule.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lemonldap-ng lemonldap\\ \\ |
||
debian debian linux 8.0 |