CVE-2022-32549
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-32549
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32549.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-32549
- Aliases
- Published
- 2022-06-22T15:15:08Z
- Modified
- 2024-09-03T04:16:32.631909Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files.
- References
Affected packages
Git / github.com/apache/sling-org-apache-sling-api
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/sling-org-apache-sling-api
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Type
- GIT
- Repo
- https://github.com/apache/sling-org-apache-sling-commons-log
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
org.*
org.apache.sling.api-2.16.4
org.apache.sling.api-2.17.0
org.apache.sling.api-2.18.0
org.apache.sling.api-2.18.2
org.apache.sling.api-2.18.4
org.apache.sling.api-2.20.0
org.apache.sling.api-2.21.0
org.apache.sling.api-2.22.0
org.apache.sling.api-2.23.0
org.apache.sling.api-2.23.4
org.apache.sling.api-2.23.6
org.apache.sling.api-2.24.0
org.apache.sling.api-2.25.0
org.apache.sling.commons.log-5.1.0
org.apache.sling.commons.log-5.1.10
org.apache.sling.commons.log-5.1.12
org.apache.sling.commons.log-5.1.14
org.apache.sling.commons.log-5.1.2
org.apache.sling.commons.log-5.1.4
org.apache.sling.commons.log-5.1.6
org.apache.sling.commons.log-5.1.8
org.apache.sling.commons.log-5.2.0
org.apache.sling.commons.log-5.3.0
org.apache.sling.commons.log-5.4.0