CVE-2021-3027
6.5 MEDIUM
app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection
Published: 2021-03-26 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 6.5 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- CWE: CWE-74
Affected products
| Vendor | Product |
|---|---|
| librit | passhport |
Description
app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided search filter because user input gets no sanitization.
Source: NVD
References
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2021-3027)
- [Patch](https://github.com/LibrIT/passhport/commit/366b03f607729c4538e91b634ecc57c8398522a1)
- [Patch](https://github.com/LibrIT/passhport/pull/562)
- [Other](https://jorgectf.gitlab.io/disclosure/cve-2021-3027/)
Related CVEs
Same CWE
- CVE-2026-12223 — A vulnerability was identified in Yealink SIP-T46U 108.86.0.118 (5.5 MEDIUM)
- CVE-2026-12219 — A flaw has been found in Yealink SIP-T46U 108.86.0.118 (6.3 MEDIUM)
- CVE-2026-12206 — A vulnerability was identified in Grit42 Grit up to 0.11.0 (6.3 MEDIUM)
- CVE-2026-12197 — A security flaw has been discovered in Ruijie EG105G-P 2.340 (7.2 HIGH)
- CVE-2026-12188 — A vulnerability was detected in Grit42 Grit up to 0.11.0 (6.3 MEDIUM)