x/vulndb: potential Go vuln in github.com/stevenweathers/thunderdome-planning-poker: GHSA-26cm-qrc6-mfgj

[GoVulnBot]

In GitHub Security Advisory GHSA-26cm-qrc6-mfgj, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/stevenweathers/thunderdome-planning-poker	1.16.3	< 1.16.3

Cross references:

• CVE-2021-41232 appears in issue x/vulndb: potential Go vuln in github.com/stevenweathers/thunderdome-planning-poker: CVE-2021-41232, GHSA-26cm-qrc6-mfgj #939 NOT_IMPORTABLE
• GHSA-26cm-qrc6-mfgj appears in issue x/vulndb: potential Go vuln in github.com/stevenweathers/thunderdome-planning-poker: CVE-2021-41232, GHSA-26cm-qrc6-mfgj #939 NOT_IMPORTABLE

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: TODO
    versions:
      - fixed: 1.16.3
    packages:
      - package: github.com/stevenweathers/thunderdome-planning-poker
description: |
    ### Impact
    LDAP injection vulnerability, only affects instances with LDAP authentication enabled.

    ### Patches
    Patch for vulnerability released with v1.16.3.

    ### Workarounds
    Disable LDAP feature if in use

    ### References
    [OWASP LDAP Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html
    )

    ### For more information
    If you have any questions or comments about this advisory:
    * Open an issue in [Thunderdome Github Repository](https://github.com/StevenWeathers/thunderdome-planning-poker)
    * Email us at [[email protected]](mailto:[email protected])
cves:
  - CVE-2021-41232
ghsas:
  - GHSA-26cm-qrc6-mfgj

[tatianab]

Duplicate of #939