2 matches found
PT-2026-31983
Name of the Vulnerable Software and Affected Versions Apache Log4cxx versions prior to 1.7.0 Description Apache Log4cxx's XMLLayout fails to sanitize characters forbidden by the XML 1.0 specification in log messages, NDC, and MDC property keys and values, resulting in invalid XML output. This can...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the typeSafetyCheckEmail function. An attacker can inject arbitrary log entries and expose sensitive information by submitting specially crafted email addresses containing newline or...