List: oss-security
Subject: [oss-security] CVE-2022-32549: Apache Sling: log injection in Sling logging
From: Robert Munteanu <rombert () apache ! org>
Date: 2022-06-22 7:15:42
Message-ID: abc9b527-a027-ca04-9f9e-9469589fb4c9 () apache ! org
Severity: important
Description:
Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log
injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake
logs and potentially corrupt log files.
Credit:
Apache Sling would like to thank Alex Collignon for reporting this issue.
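
The advisory does not describe how entries are forged in Sling. As an added example (not code from Apache Sling or from the advisory), the following shows the usual application-side mitigation for this class of issue, assuming a line-oriented log format in which each record occupies one line: line breaks and control characters in untrusted values are escaped before they reach the logger. The class name `LogValueSanitizer`, the method `neutralize` and the sample value are hypothetical.

```java
import java.util.logging.Logger;

// Added example, not Apache Sling code. Assumes a line-oriented log format
// where each record occupies exactly one line.
public class LogValueSanitizer {

    private static final Logger LOG = Logger.getLogger("example");

    /** Escapes characters that could end the current record or hide text in a log viewer. */
    static String neutralize(String untrusted) {
        if (untrusted == null) {
            return "null";
        }
        StringBuilder out = new StringBuilder(untrusted.length() + 8);
        for (int i = 0; i < untrusted.length(); i++) {
            char c = untrusted.charAt(i);
            switch (c) {
                case '\r': out.append("\\r"); break;
                case '\n': out.append("\\n"); break;
                case '\\': out.append("\\\\"); break; // keeps the escaping unambiguous
                default:
                    // Other control characters and the Unicode line/paragraph separators
                    if (Character.isISOControl(c) || c == '\u2028' || c == '\u2029') {
                        out.append(String.format("\\u%04x", (int) c));
                    } else {
                        out.append(c);
                    }
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample value: a line break followed by text shaped like a log record.
        String user = "alice\n2022-06-22 07:15:42 INFO login ok user=admin";

        String raw = "login failed user=" + user;
        String safe = "login failed user=" + neutralize(user);

        // A line-based reader splits the raw message into two records, the escaped one into one.
        System.out.println("records seen by a line-based reader (raw):  " + raw.split("\\R").length);
        System.out.println("records seen by a line-based reader (safe): " + safe.split("\\R").length);
        LOG.info(safe);
    }
}
```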