CVE-2022-32549

CVE-2022-32549: log injection in Sling logging

Vendor Apache Software Foundation
Product Apache Sling
Weakness CWE-117
Published June 22, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files.

Key dates

02Disclosure timeline

June 22, 2022 CVE published
August 3, 2024 Record updated