CVE-2022-32549
- Source
- https://cve.org/CVERecord?id=CVE-2022-32549
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-32549.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-32549
- Aliases
- Published
- 2022-06-22T15:15:08.407Z
- Modified
- 2026-02-21T07:42:36.985329Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files.
- References
Affected packages
Git / github.com/apache/sling-org-apache-sling-api
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/sling-org-apache-sling-api
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
org.*
org.apache.sling.api-2.16.4
org.apache.sling.api-2.17.0
org.apache.sling.api-2.18.0
org.apache.sling.api-2.18.2
org.apache.sling.api-2.18.4
org.apache.sling.api-2.20.0
org.apache.sling.api-2.21.0
org.apache.sling.api-2.22.0
org.apache.sling.api-2.23.0
org.apache.sling.api-2.23.4
org.apache.sling.api-2.23.6
org.apache.sling.api-2.24.0
org.apache.sling.api-2.25.0