[ 
https://issues.apache.org/jira/browse/GEODE-10590?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jinwoo Hwang updated GEODE-10590:
---------------------------------
    Summary: Remediation of CVE-2026-34480  (was: Remediation of CVE-2026-0636)

> Remediation of CVE-2026-34480
> -----------------------------
>
>                 Key: GEODE-10590
>                 URL: https://issues.apache.org/jira/browse/GEODE-10590
>             Project: Geode
>          Issue Type: Improvement
>            Reporter: Jinwoo Hwang
>            Assignee: Jinwoo Hwang
>            Priority: Major
>
> Remediation of CVE-2026-0636
> LDAP Injection via the `parseDN` handling and the LDAP store helpers in 
> `X509LDAPCertStoreSpi` and `LDAPStoreHelper`. An attacker can influence LDAP 
> search filters by supplying a crafted X.500 subject or issuer string that is 
> parsed into an unescaped filter value. This lets the attacker alter the 
> directory query used to locate certificates and CRLs, causing the application 
> to retrieve incorrect LDAP entries or fail to find the intended ones, which 
> can break certificate validation and revocation checks



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to