CVE-2021-23335— LDAP Injection

CVSS 7.5 · High EPSS 0.25% · P48 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-23335

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

LDAP Injection

Source: NVD (National Vulnerability Database)

Vulnerability Description

All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Is-user-valid 注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Is-user-valid中存在注入漏洞，该漏洞源于用户输入构造命令、数据结构或记录的操作过程中，网络系统或产品缺乏对用户输入数据的正确验证，未过滤或未正确过滤掉其中的特殊元素，导致系统或产品产生解析或解释方式错误。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	is-user-valid	0 ~ unspecified	-

II. Public POCs for CVE-2021-23335

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-23335

请登录查看更多情报信息。

https://snyk.io/vuln/SNYK-JS-ISUSERVALID-1056766x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2021-23335

Same Patch Batch · n/a · 2021-02-11 · 23 CVEs total

CVE-2021-22658		Advantech Iview SQL注入漏洞
CVE-2021-21976		vSphere Replication 命令注入漏洞
CVE-2020-9307		Hirschmann 安全漏洞
CVE-2019-19005		AutoTrace 资源管理错误漏洞
CVE-2019-19004		AutoTrace 输入验证错误漏洞
CVE-2020-25493		Oclean Mobile Application 加密问题漏洞
CVE-2021-27191		Joe Schofield Get-ip-range 输入验证错误漏洞
CVE-2021-22881		Rails Action Pack 输入验证错误漏洞
CVE-2021-22880		Postgresql PostgreSQL 资源管理错误漏洞
CVE-2021-22652		Advantech Iview 访问控制错误漏洞
CVE-2021-22656		Advantech Iview 路径遍历漏洞
CVE-2020-35498		Openvswitch 资源管理错误漏洞
CVE-2021-22654		Advantech Iview SQL注入漏洞
CVE-2021-20188		Podman 访问控制错误漏洞
CVE-2020-10734		Keycloak 跨站请求伪造漏洞
CVE-2020-1717		Keycloak 安全漏洞
CVE-2021-25688		Teradici PCoIP Agents 日志信息泄露漏洞
CVE-2021-25689		Teradici PCoIP soft client 缓冲区错误漏洞
CVE-2021-25690		Teradici PCoIP Soft Client 代码问题漏洞
CVE-2020-13186		Teradici Cloud Access Connector 跨站请求伪造漏洞

Showing top 20 of 23 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: n/a

V. Comments for CVE-2021-23335

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-23335— LDAP Injection

I. Basic Information for CVE-2021-23335

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-23335

III. Intelligence Information for CVE-2021-23335

Same Patch Batch · n/a · 2021-02-11 · 23 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-23335

Leave a comment