Improper Output Neutralization for Logs

CVE-2021-42250

Severity Medium
Score 6.5/10

Summary

Improper output neutralization for logs. A specific Apache Superset HTTP endpoint allowed an authenticated user to forge log entries or inject malicious content into logs. This vulnerability affects versions from 1.1.0 before 1.3.2.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • LOW
  • NONE
  • NONE

CWE-117 - Improper Output Neutralization for Logs

The software does not neutralize or incorrectly neutralizes output that is written to logs.
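
A sketch of CWE-117 neutralization with Python's standard `logging` module, added here as an example; it is not Superset's code or its fix. The logger names, the message text and the sample value are constructed for illustration.

```python
import io
import logging

# Constructed sample: a request-supplied value carrying CR/LF followed by
# text shaped like a second log record.
SAMPLE_VALUE = "dashboard-7\r\nINFO:demo.plain:constructed second entry"


def neutralize(value: object) -> str:
    """Escape backslashes and non-printable characters (CR, LF, ESC, U+2028...)."""
    out = []
    for ch in str(value):
        if ch == "\\":
            out.append("\\\\")  # keep the escaping unambiguous for log readers
        elif ch.isprintable():
            out.append(ch)
        else:
            out.append(ch.encode("unicode_escape").decode("ascii"))
    return "".join(out)


class NeutralizingFilter(logging.Filter):
    """Neutralize the fully interpolated message before the handler formats it."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = neutralize(record.getMessage())
        record.args = None  # message is already interpolated
        return True


def render(value: str, hardened: bool) -> list:
    """Log one message containing `value`; return the lines a log reader sees."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s:%(name)s:%(message)s"))
    if hardened:
        # Attached to the handler, so it covers every record this handler writes.
        handler.addFilter(NeutralizingFilter())
    logger = logging.getLogger("demo.hardened" if hardened else "demo.plain")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.handlers = [handler]
    logger.info("lookup failed for id=%s", value)
    return stream.getvalue().splitlines()


if __name__ == "__main__":
    print(render(SAMPLE_VALUE, hardened=False))  # two lines: second one looks like a real entry
    print(render(SAMPLE_VALUE, hardened=True))   # one line, CR/LF shown as \r\n
```

The filter covers the interpolated message only; exception tracebacks that the formatter appends are written as-is.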

Advisory Timeline

  • Published