gruberroland published GHSA-r387-grjx-qgvw Jun 27, 2022
Package
ldap-account-manager
(none)
Affected versions
< 8.0
Patched versions
8.0
Description
Impact
There are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument.
This can lead to code execution if non-LAM classes are instantiated that execute code during object creation.
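The instantiation pattern described above next to a hardened factory, as an added example that is not LAM's code and not part of the original advisory. The names `BaseModule`, `UserModule`, `createModule` and the request fields `type` and `scope` are hypothetical, and PHP 8.0 or later is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical base class standing in for an application's own module type.
abstract class BaseModule
{
    public function __construct(protected string $scope) {}
    abstract public function describe(): string;
}

final class UserModule extends BaseModule
{
    public function describe(): string { return "user module for {$this->scope}"; }
}

// Unsafe pattern (the class of bug described above): the class name and the
// first constructor argument both come straight from the request.
//   $obj = new $_POST['type']($_POST['scope']);

// Hardened factory: request data selects a key in a fixed map and never names
// a class directly; the constructor argument is checked against known values.
function createModule(string $type, string $scope): BaseModule
{
    static $allowed = ['user' => UserModule::class];
    static $scopes = ['user', 'group', 'host'];

    if (!isset($allowed[$type])) {
        throw new InvalidArgumentException('Unknown module type');
    }
    if (!in_array($scope, $scopes, true)) {
        throw new InvalidArgumentException('Unknown scope');
    }
    $class = $allowed[$type];
    // Defence in depth: refuse anything that is not one of our own module classes.
    if (!is_subclass_of($class, BaseModule::class)) {
        throw new LogicException('Allowlisted class is not a module');
    }
    return new $class($scope);
}

// Constructed sample inputs: one valid request, one naming a non-module class.
echo createModule('user', 'group')->describe(), PHP_EOL;
try {
    createModule('SomeBuiltinClass', '/tmp/x');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```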
Patches
The issue is fixed in version 8.0.
Workarounds
None
For more information
If you have any questions or comments about this advisory:
Credits
Arseniy Sharoglazov