CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops

[Zach Hoffman]

Severity: critical

Description:

An unauthenticated Apache Traffic Control Traffic Ops user can send a request 
with a specially-crafted username to the POST /login endpoint of any API 
version to inject unsanitized content into the LDAP filter.

Credit:

This issue was discovered by Apache Traffic Control user pupiles.

References:

https://trafficcontrol.apache.org/security/