Yadd

**Name of the Vulnerable Software and Affected Versions** LemonLDAP::NG versions prior to 2.16.7 LemonLDAP::NG versions 2.17 through 2.21 before 2.21.3 **Description** LemonLDAP::NG is susceptible to OS command injection within the Safe jail. The software fails to localize the underscore character ( ) during rule evaluation, potentially allowing an administrator with rule editing privileges to execute commands on the server. **Recommendations** Update LemonLDAP::NG to version 2.16.7 or later. Update LemonLDAP::NG to version 2.21.3 or later.

Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG versions 2.0.4 through 2.0.12 Description: An issue was discovered in the OAuth2.0 handler where it does not verify access token validity due to a missing expiration check. This allows an attacker to use an expired access token from an OIDC client to access the OAuth2 handler. Recommendations: For versions 2.0.4 through 2.0.12, update to version 2.0.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the OAuth2 handler until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** LemonLDAP::NG versions prior to 2.0.12 **Description** The issue is related to an error in handling user-controlled authorization keys in the authentication system of LemonLDAP::NG. This can be exploited by a remote attacker to conduct spoofing attacks. Session cache corruption can lead to authorization bypass or spoofing, allowing an attacker to be authenticated as one of two different users by making many authentication attempts in a loop. **Recommendations** For versions prior to 2.0.12, update to version 2.0.12 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation. Avoid using the authentication system until the issue is resolved.