CVE-2025-61911: Python Ldap Type Confusion Escape
A function meant to escape characters iterates over input without enforcing that the input is a string. If an attacker passes a list or dict of strings, the loop will iterate over the string chunks rather than individual characters. This bypasses character-level bounds checks (e.g., `c < '0'`) and results in injection vulnerabilities due to type confusion. V
Pythongreprules fetch cve-2025-61911-python-ldap-type-confusion-escape --engine opengrepDescription
A function meant to escape characters iterates over input without enforcing that the input is a string. If an attacker passes a list or dict of strings, the loop will iterate over the string chunks rather than individual characters. This bypasses character-level bounds checks (e.g., `c < '0'`) and results in injection vulnerabilities due to type confusion. V
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0