CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops

[Zach Hoffman <zrhoffman () apache org>]

Severity: critical

Description:

An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the 
POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.

Credit:

This issue was discovered by Apache Traffic Control user pupiles.

References:

https://trafficcontrol.apache.org/security/