10 matches found
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames
A flaw was found in Apache Log4j Core. This vulnerability allows for log injection through the use of Carriage Return Line Feed CRLF sequences. This occurs because security-related configuration attributes were silently renamed, impacting users who directly configure Rfc5424Layout with stream-bas...
EUVD-2021-30345
Malicious code in bioql PyPI...
CVE-2021-42010 CRLF log injection
Heron versions = 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue...
CVE-2021-42010 CRLF log injection
Heron versions = 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue...
CVE-2021-43410
Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log statements. In particular, some HTTP request parameters are logged without first being escaped. Versions affected: master branch before commit 3c5d8c7 1 of airavata-django-portal 1...
CVE-2021-43410
Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log statements. In particular, some HTTP request parameters are logged without first being escaped. Versions affected: master branch before commit 3c5d8c7 1 of airavata-django-portal 1...
CVE-2021-43410 airavata-django-portal allows CRLF log injection because of the lack of escaping in the log statements
Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log statements. In particular, some HTTP request parameters are logged without first being escaped. Versions affected: master branch before commit 3c5d8c7 1 of airavata-django-portal 1...
GHSA-RM7F-MPCJ-W4F6 Command injection in Apache Unomi
Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements...
Command injection in Apache Unomi
Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements...
CVE-2021-31164
Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements...