Unknown · Lemonldap::Ng · CVE-2022-37186
**Name of the Vulnerable Software and Affected Versions**
LemonLDAP::NG versions prior to 2.0.15
**Description**
The issue occurs when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically, resulting in some sessions not being deleted according to the timeoutActivity setting.
**Recommendations**
For versions prior to 2.0.15, update to version 2.0.15 or later to resolve the issue.