{"id":"CVE-2020-24660","details":"An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the \"Lemonldap::NG handler for Node.js\" package.","aliases":["GHSA-x44x-r84w-8v67"],"modified":"2026-04-10T04:19:06.364515Z","published":"2020-09-14T13:15:10.030Z","related":["GHSA-x44x-r84w-8v67"],"references":[{"type":"ADVISORY","url":"https://github.com/LemonLDAPNG/node-lemonldap-ng-handler/releases/tag/0.5.2"},{"type":"ADVISORY","url":"https://github.com/LemonLDAPNG/node-lemonldap-ng-handler/security/advisories/GHSA-x44x-r84w-8v67"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4762"},{"type":"EVIDENCE","url":"https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2290"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/lemonldapng/lemonldap-ng.js","events":[{"introduced":"0"},{"fixed":"3ccfc6fb4c7a466778505a84e43f56e9f5574e06"}]},{"type":"GIT","repo":"https://github.com/lemonldapng/node-lemonldap-ng-handler","events":[{"introduced":"0"},{"last_affected":"3ccfc6fb4c7a466778505a84e43f56e9f5574e06"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.5.2"}]}},{"type":"GIT","repo":"https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng","events":[{"introduced":"0"},{"last_affected":"062e236b9720205e4dd6d268c5a1b916fd177e85"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0.8"}]}}],"versions":["0.1.2","0.1.3","0.1.5","0.1.6","0.1.7","0.1.8","0.1.9","0.2.0","0.2.1","0.2.2","0.2.3","0.2.4","0.2.5","0.2.6","0.2.7","0.2.8","0.2.9","0.3.0","0.5.0","0.5.2","debian/buster","ubuntu/disco","ubuntu/focal","ubuntu/groovy","v0.5.2","v2.0.0","v2.0.1","v2.0.2","v2.0.3","v2.0.4","v2.0.6","v2.0.7","v2.0.8"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24660.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}