Description
Redash 8.0.0 is affected by LDAP injection. The username is included in the LDAP search filter without sanitization, so a specially crafted username can escape the provided filter template and cause an information leak.
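The following is an added example, not Redash's code or its fix: it shows a username substituted into a search-filter template with and without RFC 4515 escaping. The template string, the function names and the sample usernames are assumptions constructed for illustration.

```python
# Added example: RFC 4515 escaping for a value placed into an LDAP search filter.
# SEARCH_TEMPLATE and all function names here are assumptions, not Redash identifiers.

SEARCH_TEMPLATE = "(cn=%(username)s)"  # assumed shape of a filter template

# Characters RFC 4515 requires to be escaped inside an assertion value.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Replace each filter metacharacter with its backslash-hex escape."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username: str) -> str:
    """Pattern the advisory describes: raw username dropped into the template."""
    return SEARCH_TEMPLATE % {"username": username}


def build_filter_safe(username: str) -> str:
    """Same template, but the username is escaped first."""
    return SEARCH_TEMPLATE % {"username": escape_filter_value(username)}


def is_single_assertion(ldap_filter: str) -> bool:
    """True if the filter is one parenthesised item with no wildcard or extra parens."""
    if not (ldap_filter.startswith("(") and ldap_filter.endswith(")")):
        return False
    inner = ldap_filter[1:-1]
    return not any(ch in inner for ch in "()*")


if __name__ == "__main__":
    # Constructed sample usernames, including filter metacharacters.
    for name in ["alice", "a*", "x)(mail=y", "a\\b"]:
        unsafe, safe = build_filter_unsafe(name), build_filter_safe(name)
        print(f"{name!r}: unsafe={unsafe} ok={is_single_assertion(unsafe)} "
              f"safe={safe} ok={is_single_assertion(safe)}")
```

Code that uses the ldap3 library can call `ldap3.utils.conv.escape_filter_chars` for the same escaping instead of a hand-written table.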
Remediation
References
https://github.com/getredash/redash/issues/5426
https://github.com/getredash/redash/releases