
    2 vulnerabilities found for sling_commons_log by apache

    CVE-2022-32549 (GCVE-0-2022-32549)

    Vulnerability from nvd – Published: 2022-06-22 14:25 – Updated: 2024-08-03 07:46
    Title
    log injection in Sling logging
    Summary
    Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge log entries may allow an attacker to cover their tracks by injecting fake entries, and potentially to corrupt log files.
    Severity
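    No CVSS data available. The CNA record carries only a vendor severity rating of "important" (in its "metrics" → "other" entry), which is not a CVSS score.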
    CWE
    • CWE-117 - Improper Output Neutralization for Logs
    Assigner
    References
    Impacted products
    Vendor: Apache Software Foundation
    Product: Apache Sling
    Affected: Apache Sling API, ≤ 2.25.0 (custom)
    Affected: Apache Sling Commons Log, ≤ 5.4.0 (custom)
    Credits
    Apache Sling would like to thank Alex Collignon for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:46:43.499Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/7z6h3806mwcov5kx6l96pq839sn0po1v"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Sling",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "2.25.0",
                  "status": "affected",
                  "version": "Apache Sling API",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "5.4.0",
                  "status": "affected",
                  "version": "Apache Sling Commons Log",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Apache Sling would like to thank Alex Collignon for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Sling Commons Log \u003c= 5.4.0 and Apache Sling API \u003c= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "other": "important"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-117",
                  "description": "CWE-117: Improper Output Neutralization for Logs",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-22T14:25:10.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread/7z6h3806mwcov5kx6l96pq839sn0po1v"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "log injection in Sling logging",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "ID": "CVE-2022-32549",
              "STATE": "PUBLIC",
              "TITLE": "log injection in Sling logging"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Sling",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "Apache Sling API",
                                "version_value": "2.25.0"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "Apache Sling Commons Log",
                                "version_value": "5.4.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Apache Sling would like to thank Alex Collignon for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache Sling Commons Log \u003c= 5.4.0 and Apache Sling API \u003c= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": [
              {
                "other": "important"
              }
            ],
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-117: Improper Output Neutralization for Logs"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://lists.apache.org/thread/7z6h3806mwcov5kx6l96pq839sn0po1v",
                  "refsource": "MISC",
                  "url": "https://lists.apache.org/thread/7z6h3806mwcov5kx6l96pq839sn0po1v"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2022-32549",
        "datePublished": "2022-06-22T14:25:10.000Z",
        "dateReserved": "2022-06-08T00:00:00.000Z",
        "dateUpdated": "2024-08-03T07:46:43.499Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32549 (GCVE-0-2022-32549)

    Vulnerability from cvelistv5 – Published: 2022-06-22 14:25 – Updated: 2024-08-03 07:46
    Title
    log injection in Sling logging
    Summary
    Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge log entries may allow an attacker to cover their tracks by injecting fake entries, and potentially to corrupt log files.
    Severity
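    No CVSS data available. The CNA record carries only a vendor severity rating of "important" (in its "metrics" → "other" entry), which is not a CVSS score.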
    CWE
    • CWE-117 - Improper Output Neutralization for Logs
    Assigner
    References
    Impacted products
    Vendor: Apache Software Foundation
    Product: Apache Sling
    Affected: Apache Sling API, ≤ 2.25.0 (custom)
    Affected: Apache Sling Commons Log, ≤ 5.4.0 (custom)
    Credits
    Apache Sling would like to thank Alex Collignon for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:46:43.499Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/7z6h3806mwcov5kx6l96pq839sn0po1v"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Sling",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "2.25.0",
                  "status": "affected",
                  "version": "Apache Sling API",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "5.4.0",
                  "status": "affected",
                  "version": "Apache Sling Commons Log",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Apache Sling would like to thank Alex Collignon for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Sling Commons Log \u003c= 5.4.0 and Apache Sling API \u003c= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "other": "important"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-117",
                  "description": "CWE-117: Improper Output Neutralization for Logs",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-22T14:25:10.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread/7z6h3806mwcov5kx6l96pq839sn0po1v"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "log injection in Sling logging",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "ID": "CVE-2022-32549",
              "STATE": "PUBLIC",
              "TITLE": "log injection in Sling logging"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Sling",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "Apache Sling API",
                                "version_value": "2.25.0"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "Apache Sling Commons Log",
                                "version_value": "5.4.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Apache Sling would like to thank Alex Collignon for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache Sling Commons Log \u003c= 5.4.0 and Apache Sling API \u003c= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": [
              {
                "other": "important"
              }
            ],
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-117: Improper Output Neutralization for Logs"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://lists.apache.org/thread/7z6h3806mwcov5kx6l96pq839sn0po1v",
                  "refsource": "MISC",
                  "url": "https://lists.apache.org/thread/7z6h3806mwcov5kx6l96pq839sn0po1v"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2022-32549",
        "datePublished": "2022-06-22T14:25:10.000Z",
        "dateReserved": "2022-06-08T00:00:00.000Z",
        "dateUpdated": "2024-08-03T07:46:43.499Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }