High severityNVD Advisory· Published Jan 4, 2022· Updated Aug 4, 2024
Apache Geode project log file redaction of sensitive information vulnerability
CVE-2021-34797
Description
Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This issue is fixed by overhauling the log file redaction in Apache Geode versions 1.12.5, 1.13.5, and 1.14.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.geode:geode-coreMaven | < 1.12.5 | 1.12.5 |
org.apache.geode:geode-coreMaven | >= 1.13.0, < 1.13.5 | 1.13.5 |
Affected products
2- Apache Software Foundation/Apache Geodev5Range: Apache Geode
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-mw25-f5r2-hpc6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-34797ghsaADVISORY
- lists.apache.org/thread/nq2w9gjzm1cjx1rh6zw41ty39qw7qpx4ghsax_refsource_MISCWEB
- lists.apache.org/thread/p4l0g49rzzzpn8yt9q9p0xp52h3zmsmkghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.