oss-sec mailing list archives
CVE-2022-32549: Apache Sling: log injection in Sling logging
From: Robert Munteanu <rombert () apache org>
Date: Wed, 22 Jun 2022 07:15:42 +0000
Severity: important

Description:

Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files.

Credit:

Apache Sling would like to thank Alex Collignon for reporting this issue.
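
The advisory does not say how the injection works. As an added example (not code from Apache Sling or from the advisory), the Java class below shows the general defence against forged log records: escaping line breaks and control characters in untrusted values before they are logged. The class name `LogNeutralizer`, the record layout and the sample input are assumptions constructed for illustration.

```java
public class LogNeutralizer {

    // Escape every character that could end the current log record or hide
    // text on a terminal, so one logged event always occupies one line.
    static String neutralize(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\\') {
                out.append("\\\\");            // keep the escaping unambiguous
            } else if (c == '\r') {
                out.append("\\r");
            } else if (c == '\n') {
                out.append("\\n");
            } else if (Character.isISOControl(c) || c == 0x2028 || c == 0x2029) {
                // remaining C0/C1 controls (NEL included) and the Unicode
                // line and paragraph separators
                out.append(String.format("\\u%04x", (int) c));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    // Number of physical lines a record would occupy in a text log file.
    static int lineCount(String record) {
        return record.split("\r\n|\r|\n", -1).length;
    }

    public static void main(String[] args) {
        // Constructed sample: an untrusted value carrying a line break and
        // text shaped like a second record (layout is an assumption).
        String untrusted = "guest\n2022-06-22 07:15:42 INFO login ok user=admin";
        String prefix = "2022-06-22 07:15:41 WARN login failed user=";

        String raw = prefix + untrusted;
        String safe = prefix + neutralize(untrusted);

        System.out.println("raw:         " + lineCount(raw) + " line(s)");
        System.out.println("neutralized: " + lineCount(safe) + " line(s)");
        System.out.println(safe);
    }
}
```

A record that spans more than one line after formatting is also a useful review signal when auditing log files written before neutralization was in place.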