CVE-2022-32549

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-32549
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-32549.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-32549
Aliases
Published
2022-06-22T15:15:08Z
Modified
2024-10-12T09:43:33.848079Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files.

References

Affected packages

Git / github.com/apache/sling-org-apache-sling-api

Affected ranges

Type
GIT
Repo
https://github.com/apache/sling-org-apache-sling-api
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Type
GIT
Repo
https://github.com/apache/sling-org-apache-sling-commons-log
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

org.*

org.apache.sling.api-2.16.4
org.apache.sling.api-2.17.0
org.apache.sling.api-2.18.0
org.apache.sling.api-2.18.2
org.apache.sling.api-2.18.4
org.apache.sling.api-2.20.0
org.apache.sling.api-2.21.0
org.apache.sling.api-2.22.0
org.apache.sling.api-2.23.0
org.apache.sling.api-2.23.4
org.apache.sling.api-2.23.6
org.apache.sling.api-2.24.0
org.apache.sling.api-2.25.0
org.apache.sling.commons.log-5.1.0
org.apache.sling.commons.log-5.1.10
org.apache.sling.commons.log-5.1.12
org.apache.sling.commons.log-5.1.14
org.apache.sling.commons.log-5.1.2
org.apache.sling.commons.log-5.1.4
org.apache.sling.commons.log-5.1.6
org.apache.sling.commons.log-5.1.8
org.apache.sling.commons.log-5.2.0
org.apache.sling.commons.log-5.3.0
org.apache.sling.commons.log-5.4.0