CVE-2022-32549
MEDIUM5.3EPSS 2.9%Log Injection in Apache Sling Commons Log and Apache Sling API
Published: 6/23/2022Modified: 11/8/2023
Description
Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files.
Affected packages (2)
- Maven/org.apache.sling:org.apache.sling.apifrom 0, <= 2.25.0
- Maven/org.apache.sling:org.apache.sling.commons.logfrom 0, <= 5.4.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |