2 matches found
CVE-2024-27097 Potential log injection in reset user endpoint in ckan
A user endpoint didn't perform filtering on an incoming parameter, which was added directly to the application log. This could lead to an attacker injecting false log entries or corrupt the log file format. This has been fixed in the CKAN versions 2.9.11 and 2.10.4. Users are advised to upgrade...
CVE-2024-27097
CVE-2024-27097 corresponds to a log-injection vulnerability in CKAN where an input parameter sent to the user/reset endpoint was not filtered before being logged, enabling potential false log entries or log-file corruption. The issue affects CKAN, with fixed versions 2.9.11 and 2.10.4. Remediatio...