{"vulnerability": "CVE-2020-3614", "sightings": [{"uuid": "9ddc774c-6c11-4c03-a759-0815d2ed669d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36144", "type": "seen", "source": "https://t.me/cibsecurity/25154", "content": "\u203c CVE-2020-36144 \u203c\n\nRedash 8.0.0 is affected by LDAP Injection. There is an authentication bypass and information leak through the crafting of special queries, escaping the provided template because the ldap_user = auth_ldap_user(request.form[\"email\"], request.form[\"password\"]) auth_ldap_user(username, password) settings.LDAP_SEARCH_TEMPLATE % {\"username\": username} code lacks sanitization.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-18T23:37:37.000000Z"}, {"uuid": "95f92a94-6934-456e-8044-43d95b8cd2ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36148", "type": "seen", "source": "https://t.me/cibsecurity/23264", "content": "\u203c CVE-2020-36148 \u203c\n\nIncorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-09T00:39:12.000000Z"}]}