All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure.
is-user-valid project is-user-valid