List:       oss-security
Subject:    [oss-security] CVE-2022-32549: Apache Sling: log injection in Sling logging
From:       Robert Munteanu <rombert () apache ! org>
Date:       2022-06-22 7:15:42
Message-ID: abc9b527-a027-ca04-9f9e-9469589fb4c9 () apache ! org

Severity: important

Description:

Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log
injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake
logs and potentially corrupt log files.

Credit:

Apache Sling would like to thank Alex Collignon for reporting this issue.
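
Added example, not part of the advisory and not Sling's code or its fix: a generic Java illustration of the log injection class described above, showing a value with an embedded line break logged verbatim and then with control characters neutralised. The class, method names, log format and sample value are all hypothetical and constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;

public class LogInjectionDemo {

    // Constructed stand-in for a line-oriented log file: one record per line.
    static final List<String> LOG = new ArrayList<>();

    // A file appender writes the entry verbatim, so any line break inside it
    // begins what a reader or log parser treats as a separate record.
    static void append(String entry) {
        for (String line : entry.split("\\R", -1)) {
            LOG.add(line);
        }
    }

    // Weak form: a request-controlled value is concatenated into the message as-is.
    static void logUnsafe(String user) {
        append("INFO  login failed for user=" + user);
    }

    // Hardened form: control characters are neutralised before logging.
    static void logSafe(String user) {
        append("INFO  login failed for user=" + neutralise(user));
    }

    // Replace ISO control characters (CR, LF, tab, ESC, ...) and the Unicode
    // line/paragraph separators with a visible escape so one call yields one record.
    static String neutralise(String value) {
        StringBuilder out = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (Character.isISOControl(c) || c == 0x2028 || c == 0x2029) {
                out.append(String.format("\\u%04x", (int) c));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample value carrying an embedded line break.
        String value = "guest\r\nINFO  login succeeded for user=admin";
        logUnsafe(value);
        System.out.println("unsafe -> " + LOG.size() + " record(s): " + LOG);
        LOG.clear();
        logSafe(value);
        System.out.println("safe   -> " + LOG.size() + " record(s): " + LOG);
    }
}
```

The unsafe path produces two records from a single logging call, the second indistinguishable from a genuine entry; the hardened path keeps one record with the line break shown as an escape.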

