Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2018/04/05 12:13:00 UTC
[jira] [Created] (CXF-7701) Encode JAX-RS Search query values for the LdapQueryVisitor
Colm O hEigeartaigh created CXF-7701:
----------------------------------------
Summary: Encode JAX-RS Search query values for the LdapQueryVisitor
Key: CXF-7701
URL: https://issues.apache.org/jira/browse/CXF-7701
Project: CXF
Issue Type: Improvement
Affects Versions: 3.2.4
Reporter: Colm O hEigeartaigh
Assignee: Colm O hEigeartaigh
Fix For: 3.2.5
When using JAX-RS search with the LdapQueryVisitor, we don't encode the query value by default. This means that an LDAP injection attack is possible. By default we should encode query values (and make it configurable if the user wants to support searching using wildcards, for example).
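An added example, not CXF's own code: the kind of encoding the issue asks for, escaping a search value per RFC 4515 before it is placed in an LDAP filter, with an opt-in flag that keeps `*` for wildcard searches. The class, method and parameter names are hypothetical and the sample search values are constructed.

```java
public class LdapFilterValueEncoding {

    // Escape an assertion value per RFC 4515, section 3.
    // allowWildcards=true leaves '*' untouched for callers that opt in to
    // wildcard search; every other filter metacharacter is always escaped.
    static String encode(String value, boolean allowWildcards) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                case '*':  out.append(allowWildcards ? "*" : "\\2a"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Unencoded form, as described in the issue: the value is copied verbatim.
    static String rawFilter(String attribute, String value) {
        return "(" + attribute + "=" + value + ")";
    }

    // Encoded form: the value can no longer close or open filter components.
    static String encodedFilter(String attribute, String value, boolean allowWildcards) {
        return "(" + attribute + "=" + encode(value, allowWildcards) + ")";
    }

    public static void main(String[] args) {
        // Constructed sample search values: plain, wildcard, and one that
        // carries filter metacharacters.
        String[] samples = { "smith", "sm*", "a)(cn=*" };
        for (String v : samples) {
            System.out.println("value           : " + v);
            System.out.println("  raw           : " + rawFilter("sn", v));
            System.out.println("  encoded       : " + encodedFilter("sn", v, false));
            System.out.println("  wildcards kept: " + encodedFilter("sn", v, true));
        }
    }
}
```

With wildcards allowed, `*` still reaches the directory as a substring match, so that mode widens what a caller can enumerate even though parentheses and backslashes stay escaped.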