Moderate severity · NVD Advisory · Published Jun 22, 2022 · Updated Aug 3, 2024
Log injection in Sling logging
CVE-2022-32549
Description
Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.sling:org.apache.sling.commons.log (Maven) | <= 5.4.0 | — |
| org.apache.sling:org.apache.sling.api (Maven) | <= 2.25.0 | — |
Affected products
- ghsa-coords (2 versions): pkg:maven/org.apache.sling/org.apache.sling.api, pkg:maven/org.apache.sling/org.apache.sling.commons.log; <= 2.25.0 + 1 more
- (no CPE) range: <= 2.25.0
- (no CPE) range: <= 5.4.0
References
- github.com/advisories/GHSA-qmx3-m648-hr74 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-32549 (ghsa, ADVISORY)
- lists.apache.org/thread/7z6h3806mwcov5kx6l96pq839sn0po1v (ghsa, x_refsource_MISC, WEB)