Lemonldap-Ng: >> Lemonldap Security Vulnerabilities
LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. By default, the notification server is not enabled and has a "deny all" rule.
CVSS Score
8.1
EPSS Score
0.003
Published
2019-06-28
LemonLDAP::NG -2.0.3 has Incorrect Access Control.
CVSS Score
9.8
EPSS Score
0.017
Published
2019-05-22
LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data.
CVSS Score
7.5
EPSS Score
0.003
Published
2013-01-01
Page 2