Description
Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files.
A flaw was found in Apache Sling Commons Log. This flaw allows an attacker to forge logs, which may allow them to cover their tracks and potentially corrupt log files.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Data Grid 8 | org.apache.sling | Not affected | ||
| Red Hat Fuse 7 | org.apache.sling | Not affected | ||
| Red Hat Integration Camel K 1 | org.apache.sling | Not affected | ||
| Red Hat Integration Data Virtualisation Operator | org.apache.sling | Out of support scope | ||
| Red Hat Integration Service Registry | org.apache.sling | Out of support scope | ||
| Red Hat JBoss Data Grid 7 | org.apache.sling | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 7 | org.apache.sling | Not affected | ||
| Red Hat JBoss Enterprise Application Platform Expansion Pack | org.apache.sling | Not affected | ||
Additional information
Status:
Moderate
Defect:
CWE-117
https://bugzilla.redhat.com/show_bug.cgi?id=2102810 Sling: log injection in Sling logging
5.3 Medium
CVSS3
Related vulnerabilities
CVSS3: 5.3
nvd
more than 3 years ago
Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files.
CVSS3: 5.3
github
more than 3 years ago
Log Injection in Apache Sling Commons Log and Apache Sling API