Improper Output Neutralization for Logs

Overview Affected versions of this package are vulnerable to Improper Output Neutralization for Logs in the JSONLayout class. An attacker can inject non-printable characters into log messages by supplying specially crafted input, which may cause downstream applications that consume these logs to...

Improper Output Neutralization for Logs

Overview Affected versions of this package are vulnerable to Improper Output Neutralization for Logs in the HTMLLayout class. An attacker can execute arbitrary HTML or JavaScript code by injecting malicious content into the logger name, which is then written to the HTML log file and subsequently...

CVE-2025-54813

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON...

CVE-2025-54813

CVE-2025-54813 affects Apache Log4cxx prior to 1.5.0, due to improper output neutralization for JSONLayout where certain non‑printable characters in attacker-supplied messages are not escaped, potentially impacting log consumption. Fedora advisory confirms a 1.5.0-1.fc41 update as the fix, and De...

Improper Output Neutralization for Logs

Overview Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the WeakDecode function when handling malformed input data. An attacker can cause sensitive information to be included in error logs by submitting specially crafted input that triggers error...

CVE-2025-54389

A flaw was found in AIDE. This flaw allows an attacker to craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and tamper with the log output. A local user may exploit this to bypass AIDE's detection of malicious files...

CVE-2025-54389

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

AZL-66297 CVE-2025-54389 affecting package aide for versions less than 0.18.6-2

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

AZL-66434 CVE-2025-54389 affecting package aide for versions less than 0.16-17

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

DEBIAN-CVE-2025-54389

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

CVE-2025-54389

CVE-2025-54389 affects AIDE (Advanced Intrusion Detection Environment) with an improper output neutralization vulnerability in versions prior to 0.19.2. An attacker can craft filenames containing terminal escape sequences to hide additions/removals from reports and tamper with log output, potenti...

CVE-2025-54389 AIDE improper output neutralization vulnerability

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

CVE-2025-54389 AIDE improper output neutralization vulnerability

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

Improper Output Neutralization For Logs

org.apache.struts, struts-extras is vulnerable to Improper Output Neutralization for Logs. The vulnerability is due to LookupDispatchAction printing untrusted input to logs without filtering, which allows an attacker to craft input that injects misleading log entries, potentially confusing human ...

Aide 安全漏洞

Aide is a tool for monitoring file system changes. It can be used to detect unauthorized monitored files and directories. A security vulnerability exists in versions prior to Aide 0.19.2, which stems from improper output neutralization and could lead to bypassing detection...

Improper Output Neutralization for Logs

Overview Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the LookupDispatchAction function. An attacker can manipulate log output by submitting specially crafted input, causing parts of the log message to appear as separate log lines and potentially...

CVE-2025-54656 Apache Struts Extras: Improper Output Neutralization for Logs

UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead...

PT-2025-31399 · Apache · Apache Struts Extras

Name of the Vulnerable Software and Affected Versions: Apache Struts Extras versions prior to 2 Description: This issue involves improper output neutralization for logs in Apache Struts Extras. When using LookupDispatchAction, untrusted input may be printed to logs without filtering. This can lea...

Improper Output Neutralization for Logs

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the request.path function used by HTTP responses, which allows control characters to ...

CVE-2024-35371

Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included...