CVE-2022-32549
published 2022-06-22CVE-2022-32549: Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover…
medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | sling_api | <= 2.25.0 | — |
| apache | sling_commons_log | <= 5.4.0 | — |
| apache_software_foundation | apache_sling | Apache Sling API – 2.25.0 | — |
| apache_software_foundation | apache_sling | Apache Sling Commons Log – 5.4.0 | — |