CVE-2024-35371
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-35371
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-35371.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-35371
- Aliases
- Published
- 2024-11-29T20:15:20Z
- Modified
- 2025-10-17T02:46:50.919876Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included in log entries without restrictions.
- References
Affected packages
Git / github.com/ant-media/ant-media-server
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ant-media/ant-media-server
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
ams-v.*
ams-v.1.0M1
ams-v.1.0RC
ams-v1.*
ams-v1.1
ams-v1.1.1
ams-v1.2.0
ams-v1.2.0-SNAPSHOT
ams-v1.2.2
ams-v1.2.3
ams-v1.2.4
ams-v1.2.5
ams-v1.2.6
ams-v1.3.0
ams-v1.3.0-SNAPSHOT
ams-v1.3.1
ams-v1.3.2
ams-v1.3.3
ams-v1.3.4
ams-v1.3.6.1
ams-v1.3.6.2
ams-v1.4.0
ams-v1.4.1
ams-v1.5.0
ams-v1.5.1
ams-v1.5.1.1
ams-v1.5.2
ams-v1.7.0
ams-v1.7.1
ams-v1.7.2
ams-v1.8.0
ams-v1.8.1
ams-v1.9.0
ams-v1.9.1
ams-v2.*
ams-v2.0.0
ams-v2.1.0
ams-v2.2.0
ams-v2.2.1
ams-v2.3.0
ams-v2.3.0-RC
ams-v2.3.1
ams-v2.3.2
ams-v2.3.3
ams-v2.3.3.1
ams-v2.4.0
ams-v2.4.0.2
ams-v2.4.1
ams-v2.4.2
ams-v2.4.2.1
ams-v2.4.3
ams-v2.5.0
ams-v2.5.1
ams-v2.5.3
ams-v2.6.0
ams-v2.6.1
ams-v2.6.2
ams-v2.6.3
ams-v2.7.0
ams-v2.8.0
ams-v2.8.1
ams-v2.8.2
red5+_1.*
red5+_1.0
release-1.*
release-1.6.0
release-1.6.1
release-1.6.2
Other
untagged-e09c2795e299b44bcb86
v1.*
v1.0.1_red5_plus
v1.0.2-M1
v1.0.2-RELEASE
v1.0.3-RELEASE
v1.0.4-RELEASE
v1.0.5-RELEASE
v1.0.6-RELEASE
v1.0.7-M1
v1.0.7-M10
v1.0.7-M2
v1.0.7-M3
v1.0.7-M4
v1.0.7-M5
v1.0.7-M6
v1.0.7-M7
v1.0.7-M8
v1.0.7-M9
v1.0.7-RELEASE
v1.0.7-SNAPSHOT
v1.0.8-M1
v1.0.8-M10
v1.0.8-M11
v1.0.8-M12
v1.0.8-M13
v1.0.8-M2
v1.0.8-M3
v1.0.8-M4
v1.0.8-M5
v1.0.8-M6
v1.0.8-M7
v1.0.8-M8
v1.0.8-M9
v1.0.8-RELEASE
v1.0.9-M1
v1.0.9-M2
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"id": "CVE-2024-35371-444709bd",
"source": "https://github.com/ant-media/ant-media-server/commit/4d4763bd4fd06e515c19544e5170ca0f34c9ce45",
"target": {
"file": "src/main/java/io/antmedia/rest/RestServiceBase.java",
"function": "deleteVoDs"
},
"digest": {
"function_hash": "95761701281652367030962544191816879973",
"length": 352.0
},
"signature_type": "Function",
"deprecated": false
},
{
"signature_version": "v1",
"id": "CVE-2024-35371-4b667e10",
"source": "https://github.com/ant-media/ant-media-server/commit/4d4763bd4fd06e515c19544e5170ca0f34c9ce45",
"target": {
"file": "src/main/java/io/antmedia/rest/RestServiceBase.java",
"function": "playNextItem"
},
"digest": {
"function_hash": "3588344635813814824631526258410423810",
"length": 1176.0
},
"signature_type": "Function",
"deprecated": false
},
{
"signature_version": "v1",
"id": "CVE-2024-35371-7bb8f1eb",
"source": "https://github.com/ant-media/ant-media-server/commit/4d4763bd4fd06e515c19544e5170ca0f34c9ce45",
"target": {
"file": "src/main/java/io/antmedia/rest/RestServiceBase.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"23753399346690249899021654914988838068",
"179372199406268492251904292254639271564",
"26031399485141338604229087849716094191",
"89185475063565130075353182509861000999",
"76326278886152943223270605200378510771",
"236732080366950629853323259256843045892",
"320194235873817073414156295407239386616",
"165096110433523903794032965909149369043",
"245738748441266680693885250355867868570",
"81006491848804784480976214044998821590",
"34758059315047979641456798275782013078",
"44677417436495615503035841339927883538",
"64383213238504413118756382504882048555",
"70096759998229486871409674971872702720",
"288859687097109942231063952056085291252",
"150281301989471431257362776792123893168",
"43404427390739069579269469228659889782",
"184427160938379186738405076773924436204",
"205812895234838758256823799464181550273"
]
},
"signature_type": "Line",
"deprecated": false
},
{
"signature_version": "v1",
"id": "CVE-2024-35371-883027c6",
"source": "https://github.com/ant-media/ant-media-server/commit/4d4763bd4fd06e515c19544e5170ca0f34c9ce45",
"target": {
"file": "src/main/java/io/antmedia/rest/RestServiceBase.java",
"function": "startRecord"
},
"digest": {
"function_hash": "26429641633338691115392505862661463819",
"length": 351.0
},
"signature_type": "Function",
"deprecated": false
},
{
"signature_version": "v1",
"id": "CVE-2024-35371-cad1f757",
"source": "https://github.com/ant-media/ant-media-server/commit/4d4763bd4fd06e515c19544e5170ca0f34c9ce45",
"target": {
"file": "src/main/java/io/antmedia/rest/RestServiceBase.java",
"function": "deleteBroadcasts"
},
"digest": {
"function_hash": "228798487391422378546101686830446456162",
"length": 350.0
},
"signature_type": "Function",
"deprecated": false
}
]