Skip to content

[GEODE-10591] Remediation of CVE-2026-49268#8017

Open
JinwooHwang wants to merge 3 commits into
apache:developfrom
JinwooHwang:feature/GEODE-10591
Open

[GEODE-10591] Remediation of CVE-2026-49268#8017
JinwooHwang wants to merge 3 commits into
apache:developfrom
JinwooHwang:feature/GEODE-10591

Conversation

@JinwooHwang

Copy link
Copy Markdown
Contributor

Affected versions of this package are vulnerable to LDAP Injection in the DefaultLdapRealm class. An attacker can bypass authentication or impersonate other users by injecting LDAP special characters into the Distinguished Name (DN) construction during LDAP bind authentication.

For all changes, please confirm:

  • Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?
  • Has your PR been rebased against the latest commit within the target branch (typically develop)?
  • Is your initial contribution a single, squashed commit?
  • Does gradlew build run cleanly?
  • Have you written or updated unit tests to verify your changes?
  • If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?

@JinwooHwang JinwooHwang requested a review from marinov-code July 13, 2026 13:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants