CVE-2022-32549: Log Injection in Apache Sling Commons Log and Apache Sling API

June 22, 2022 (updated June 29, 2022)

Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 is vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files.

References

github.com/advisories/GHSA-qmx3-m648-hr74
lists.apache.org/thread/7z6h3806mwcov5kx6l96pq839sn0po1v
nvd.nist.gov/vuln/detail/CVE-2022-32549

Detect and mitigate CVE-2022-32549 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →