Описание
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss BRMS 5 | springframework | Out of support scope | ||
| Red Hat JBoss Data Virtualization 6 | springframework | Out of support scope | ||
| Red Hat JBoss Fuse 6 | springframework | Out of support scope | ||
| Red Hat JBoss Fuse Service Works 6 | springframework | Out of support scope | ||
| Red Hat JBoss SOA Platform 5 | springframework | Out of support scope | ||
| Red Hat Fuse 7.11 | springframework | Fixed | RHSA-2022:5532 | 07.07.2022 |
| Red Hat Virtualization Engine 4.4 | ovirt-dependencies | Fixed | RHSA-2022:5555 | 14.07.2022 |
| Red Hat Virtualization Engine 4.4 | org.ovirt.engine-root | Fixed | RHSA-2022:6393 | 08.09.2022 |
| RHDM 7.12.1 | springframework | Fixed | RHSA-2022:1110 | 29.03.2022 |
| RHPAM 7.12.1 | springframework | Fixed | RHSA-2022:1108 | 29.03.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS3
Связанные уязвимости
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older ...
Improper Output Neutralization for Logs in Spring Framework
EPSS
4.3 Medium
CVSS3