
Jtblin

#35314 of 53,638
7.5 CVSS total
Vulnerabilities · 1
PT-2017-7186
7.5
2017-09-06
Unknown · Ldapauth-Fork · CVE-2015-7294
**Name of the Vulnerable Software and Affected Versions**
ldapauth-fork versions 2.2.4 and earlier

**Description**
The issue allows remote attackers to perform LDAP injection attacks via a crafted `username`. This enables an attacker to inject and run arbitrary LDAP commands.

**Recommendations**
For versions 2.2.4 and earlier, consider updating to use ldapauth-fork version 2.3.3 or greater. As a temporary workaround, consider restricting the use of the `username` parameter to minimize the risk of exploitation.