Improper Output Neutralization for Logs
CVE-2021-22060
Summary
In Spring Framework versions 5.2.x before 5.2.19.RELEASE, 5.3.x before 5.3.14 and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.
- LOW
- NETWORK
- LOW
- UNCHANGED
- NONE
- LOW
- NONE
- NONE
CWE-117 - Improper Output Neutralization for Logs
The software does not neutralize or incorrectly neutralizes output that is written to logs.
Advisory Timeline
- Published