CVE-2021-22060
MEDIUM 4.3
EPSS 0.18%
Log entry injection in Spring Framework
Published: 1/12/2022
Modified: 12/4/2024
Also known as: GHSA-6gf2-pvqw-37ph
Description
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.
Affected packages (2)
- Debian/libspring-java from 0
- Maven/org.springframework:spring-core >= 5.3.0, < 5.3.14
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |