Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2018/04/05 12:13:00 UTC

[jira] [Created] (CXF-7701) Encode JAX-RS Search query values for the LdapQueryVisitor

Colm O hEigeartaigh created CXF-7701:
----------------------------------------

             Summary: Encode JAX-RS Search query values for the LdapQueryVisitor
                 Key: CXF-7701
                 URL: https://issues.apache.org/jira/browse/CXF-7701
             Project: CXF
          Issue Type: Improvement
    Affects Versions: 3.2.4
            Reporter: Colm O hEigeartaigh
            Assignee: Colm O hEigeartaigh
             Fix For: 3.2.5


When using JAX-RS search with the LdapQueryVisitor, we don't encode the query value by default. This means that an LDAP injection attack is possible. By default we should encode query values (and make it configurable if the user wants to support searching using wildcards for example).



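Added example, not part of the original message and not Apache CXF code: a standalone sketch of the behaviour the issue asks for, escaping a search value per RFC 4515 before it is placed in an LDAP filter, with an opt-in switch that leaves '*' unescaped for wildcard searches. The class name, method names and sample values are hypothetical.

```java
// Added example, not Apache CXF source. Class and method names are hypothetical.
public class LdapFilterEncodingExample {

    /** Escape a filter assertion value per RFC 4515, section 3. */
    static String encode(String value, boolean allowWildcards) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                case '*':
                    // Left as a wildcard only when the caller has opted in.
                    sb.append(allowWildcards ? "*" : "\\2a");
                    break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Build (attribute=value); encodeValues=false reproduces the unencoded behaviour. */
    static String equalityFilter(String attribute, String value,
                                 boolean encodeValues, boolean allowWildcards) {
        String v = encodeValues ? encode(value, allowWildcards) : value;
        return "(" + attribute + "=" + v + ")";
    }

    public static void main(String[] args) {
        // Constructed sample input containing LDAP filter metacharacters.
        String value = "smith)(objectClass=*";

        // Unencoded: the value closes the filter item and adds a second one.
        System.out.println(equalityFilter("sn", value, false, false));
        // Encoded, wildcards off: the whole value stays one literal assertion value.
        System.out.println(equalityFilter("sn", value, true, false));
        // Encoded, wildcards on: '*' still matches, parentheses remain escaped.
        System.out.println(equalityFilter("sn", "smi*(", true, true));
    }
}
```

With wildcards enabled, only '*' keeps its filter meaning; parentheses, backslash and NUL are escaped in both modes, so the value cannot change the structure of the filter.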