CWE-117
Improper Output Neutralization for Logs
Description
The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.
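The following Python block is an added example written for this page; it is not code from CWE or from any project listed below. It shows the weakness in its most common form (a user-controlled value that carries a line break ends the real log record and appends a forged one), a neutralizer that escapes every control character before the value reaches the logger, a structured-logging alternative, and a small check that confirms the forged record is gone. The field name `user`, the forged payload and the logger names are constructed for illustration and are assumptions, not taken from any advisory in the table.

```python
"""CWE-117 worked example (added for this page; constructed input, not a real log)."""
from __future__ import annotations

import io
import json
import logging
import re

# Control characters that break the one-record-per-line structure of a text
# log or can drive a terminal or viewer: C0 controls (CR, LF, ESC...), DEL,
# and the Unicode line/paragraph separators that str.splitlines() also treats
# as line breaks. Anything in this class must never reach the log verbatim.
_UNSAFE = re.compile(r"[\x00-\x1f\x7f\u2028\u2029]")


def neutralize(value: str) -> str:
    """Replace every control character with a visible, reversible escape so the
    value can never terminate or open a log record."""
    named = {"\n": "\\n", "\r": "\\r", "\t": "\\t"}
    return _UNSAFE.sub(
        lambda m: named.get(m.group(0), f"\\u{ord(m.group(0)):04x}"), value
    )


def make_logger(name: str) -> tuple[logging.Logger, io.StringIO]:
    """Return a logger that writes 'LEVEL message' lines into an in-memory buffer."""
    buf = io.StringIO()
    log = logging.getLogger(name)
    log.handlers.clear()
    log.propagate = False
    log.setLevel(logging.INFO)
    hnd = logging.StreamHandler(buf)
    hnd.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    log.addHandler(hnd)
    return log, buf


def login_vulnerable(log: logging.Logger, user: str) -> None:
    # CWE-117: the attacker-controlled 'user' lands in the log untouched.
    log.info("login failed for user=%s", user)


def login_hardened(log: logging.Logger, user: str) -> None:
    # Same message, but the untrusted value is neutralized first.
    log.info("login failed for user=%s", neutralize(user))


def login_structured(log: logging.Logger, user: str) -> None:
    # Structured alternative: json.dumps escapes control characters, so the
    # record stays on one line and a parser recovers the original value.
    log.info(json.dumps({"event": "login_failed", "user": user}))


# Constructed attacker input (hypothetical): the username ends the real line
# and appends an innocuous-looking forged record.
FORGED = "bob\nINFO login succeeded for user=admin"


def run(handler) -> list[str]:
    """Run one login handler with the forged username; return the log lines seen
    by a line-oriented consumer."""
    log, buf = make_logger("cwe117." + handler.__name__)
    handler(log, FORGED)
    return buf.getvalue().splitlines()


def has_forged_entry(lines: list[str]) -> bool:
    """Check: does a record the application never emits appear as its own line?"""
    return any(line.startswith("INFO login succeeded") for line in lines)


def parse_structured(line: str) -> dict:
    """Strip the 'LEVEL ' prefix and decode the JSON payload of a structured record."""
    return json.loads(line.split(" ", 1)[1])


if __name__ == "__main__":
    for h in (login_vulnerable, login_hardened, login_structured):
        lines = run(h)
        print(f"{h.__name__}: {len(lines)} record(s), forged={has_forged_entry(lines)}")
        for line in lines:
            print("   ", line)
```

Run stand-alone, the vulnerable handler yields two records and the forged one passes the check; the hardened handler yields a single record in which the payload is visible as `\n`, and the structured handler yields one JSON record whose `user` field round-trips to the original input. Two caveats the table below illustrates: escaping at write time does not protect a viewer that renders log text as HTML (that is the viewer's own output-encoding job), and leaking a secret into a log is a different failure under the same CWE that no amount of control-character escaping fixes.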
Hierarchy (View 1000)
Parents
CWE-116 · Improper Encoding or Escaping of Output
Children
none
Related attack patterns (CAPEC)
CAPEC-268 · CAPEC-81 · CAPEC-93
CVEs mapped to this weakness (45)
page 2 of 3

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-23194 | Gallagher / Command Centre | Low | 0.21 | 3.3 | 0.00 | — | Jul 11, 2024 | Improper Output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files. This issue affects: Gallagher Command Centre v9.10 prior to vEL9.10.1268 (MR1). |
| CVE-2025-49846 | Wire / wire-ios | Med | 0.20 | — | 0.00 | — | Jul 3, 2025 | wire-ios is an iOS client for the Wire secure messaging application. From Wire iOS 3.111.1 to before 3.124.1, messages that were visible in the view port have been logged to the iOS system logs in clear text. Wire application logs created and managed by the application itself… |
| CVE-2025-41419 | — | Med | 0.19 | — | 0.01 | — | Jul 31, 2025 | **I. Detailed Description:** This includes scenarios, screenshots, vulnerability reproduction methods. For account-related vulnerabilities, please provide test accounts. If the reproduction process is complex, you may record a video, upload it to Taopan, and attach the link. … |
| CVE-2026-1337 | Neo4j | — | 0.00 | — | 0.00 | — | Feb 6, 2026 | Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a… |
| CVE-2025-59476 | Jenkins | — | 0.00 | — | 0.00 | — | Sep 17, 2025 | Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict or transform the characters that can be inserted from user-specified content in log messages, allowing attackers able to control log message contents to insert line break characters, followed by forged log… |
| CVE-2025-54656 | Apache / Struts Extras | — | 0.00 | — | 0.01 | — | Jul 30, 2025 | ** UNSUPPORTED WHEN ASSIGNED ** Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering.… |
| CVE-2025-48432 | Django | — | 0.00 | — | 0.01 | — | Jun 5, 2025 | An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or… |
| CVE-2024-9606 | berriai / litellm | — | 0.00 | — | 0.01 | — | Mar 20, 2025 | In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs,… |
| CVE-2025-25294 | Envoy Gateway | — | 0.00 | — | 0.00 | — | Mar 6, 2025 | Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection… |
| CVE-2025-27111 | Rack | — | 0.00 | — | 0.01 | — | Mar 4, 2025 | Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection. This… |
| CVE-2025-25184 | Rack | — | 0.00 | — | 0.01 | — | Feb 12, 2025 | Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates… |
| CVE-2024-1681 | corydolphin / flask-cors | — | 0.00 | — | 0.01 | — | Apr 19, 2024 | corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to… |
| CVE-2024-32474 | Sentry | — | 0.00 | — | 0.00 | — | Apr 18, 2024 | Sentry is an error tracking and performance monitoring platform. Prior to 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs under the _event_: `auth-index.validate_superuser`. An attacker with access to… |
| CVE-2024-27097 | CKAN | — | 0.00 | — | 0.00 | — | Mar 13, 2024 | A user endpoint didn't perform filtering on an incoming parameter, which was added directly to the application log. This could lead to an attacker injecting false log entries or corrupting the log file format. This has been fixed in the CKAN versions 2.9.11 and 2.10.4. Users are… |
| CVE-2024-0690 | ansible-core | — | 0.00 | — | 0.00 | — | Feb 6, 2024 | An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive… |
| CVE-2023-22733 | Shopware | — | 0.00 | — | 0.01 | — | Jan 17, 2023 | Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions the log module would write out all kind of sent mails. An attacker with access to either the local system logs or a centralized logging store may have access to other users… |
| CVE-2020-36567 | gin-gonic / gin | — | 0.00 | — | 0.01 | — | Dec 27, 2022 | Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines. |
| CVE-2022-32549 | Apache / Sling | — | 0.00 | — | 0.02 | — | Jun 22, 2022 | Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files. |
| CVE-2021-22096 | Spring Framework | — | 0.00 | — | 0.01 | — | Oct 28, 2021 | In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. |
| CVE-2017-8761 | OpenStack / Swift | — | 0.00 | — | 0.01 | — | Jun 2, 2021 | In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected. |