Improper Output Neutralization for Logs

CVE-2021-22096

Medium

4.3/10

Summary

In Spring Framework versions 5.3.0 through 5.3.11, 5.2.0 through 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-117 - Improper Output Neutralization for Logs

The software does not neutralize or incorrectly neutralizes output that is written to logs.

References

Advisory
Advisory

Advisory Timeline

Published Oct 28, 2021

Improper Output Neutralization for Logs

CVE-2021-22096

Summary

CWE-117 - Improper Output Neutralization for Logs

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS