Description
Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided template since the username included in the search filter lacks sanitization.
Remediation
References
https://github.com/getredash/redash/releases
https://github.com/getredash/redash/issues/5426
Related Vulnerabilities
CVE-2018-16487 Vulnerability in maven package org.webjars:lodash
CVE-2018-13797 Vulnerability in npm package macaddress
CVE-2022-2191 Vulnerability in maven package org.eclipse.jetty:jetty-server
CVE-2020-7707 Vulnerability in npm package property-expr
CVE-2020-28052 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk15on