[
https://issues.apache.org/jira/browse/GEODE-10590?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jinwoo Hwang updated GEODE-10590:
---------------------------------
Description:
Remediation of CVE-2026-0636
LDAP Injection via the `parseDN` handling and the LDAP store helpers in
`X509LDAPCertStoreSpi` and `LDAPStoreHelper`. An attacker can influence LDAP
search filters by supplying a crafted X.500 subject or issuer string that is
parsed into an unescaped filter value. This lets the attacker alter the
directory query used to locate certificates and CRLs, causing the application
to retrieve incorrect LDAP entries or fail to find the intended ones, which can
break certificate validation and revocation checks
was:Remediation of CVE-2026-0636
> Remediation of CVE-2026-0636
> ----------------------------
>
> Key: GEODE-10590
> URL: https://issues.apache.org/jira/browse/GEODE-10590
> Project: Geode
> Issue Type: Improvement
> Reporter: Jinwoo Hwang
> Assignee: Jinwoo Hwang
> Priority: Major
>
> Remediation of CVE-2026-0636
> LDAP Injection via the `parseDN` handling and the LDAP store helpers in
> `X509LDAPCertStoreSpi` and `LDAPStoreHelper`. An attacker can influence LDAP
> search filters by supplying a crafted X.500 subject or issuer string that is
> parsed into an unescaped filter value. This lets the attacker alter the
> directory query used to locate certificates and CRLs, causing the application
> to retrieve incorrect LDAP entries or fail to find the intended ones, which
> can break certificate validation and revocation checks
--
This message was sent by Atlassian Jira
(v8.20.10#820010)