
CWE-117 (Improper Output Neutralization for Logs) — Vulnerability Class 81

81 vulnerabilities classified as CWE-117 (Improper Output Neutralization for Logs). AI Chinese analysis included.

CWE-117 represents an input validation weakness where applications fail to properly sanitize external data before writing it to log files. This vulnerability allows attackers to inject malicious log entries, often by manipulating fields like usernames or URLs that are directly incorporated into log messages. Exploitation typically involves injecting newline characters or log-specific formatting codes to forge entries, which can obscure legitimate activity, create false alerts, or facilitate log injection attacks that lead to cross-site scripting or server-side request forgery. To prevent this, developers must implement strict output encoding and validation routines specifically for logging contexts. By treating all external input as untrusted and applying context-aware neutralization techniques, such as escaping special characters or using structured logging frameworks, engineers ensure that log data remains safe and interpretable, thereby maintaining the integrity and reliability of system audit trails.

MITRE CWE Description
The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.
Common Consequences (1)
Scope: Integrity, Confidentiality, Availability, Non-Repudiation. Impact: Modify Application Data, Hide Activities, Execute Unauthorized Code or Commands.
Interpretation of the log files may be hindered or misdirected if an attacker can supply data to the application that is subsequently logged verbatim. In the most benign case, an attacker may be able to insert false entries into the log file by providing the application with input that includes appr…
Mitigations (3)
Phase: Implementation. Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Phase: Implementation. Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are i…
Phase: Implementation. Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
Examples (1)
The following web application code attempts to read an integer value from a request object. If the parseInt call fails, then the input is logged with an error message indicating what happened.
    String val = request.getParameter("val");
    try {
        int value = Integer.parseInt(val);
    } catch (NumberFormatException e) {
        // val is written to the log unneutralized: a CR/LF inside it starts a forged entry
        log.info("Failed to parse val = " + val);
    }
    ...
Bad · Java
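Added Python example, not part of the CWE entry or of any product listed on this page, that applies the mitigations above to the pattern in the Java snippet: the raw-concatenation formatter beside a neutralizing one and a structured JSON variant, with a constructed forged value to show how many records a line-oriented reader sees. The function names, the 256-character cap and the sample value are assumptions of this example.

```python
"""CWE-117 neutralization applied to the pattern in the Java snippet above."""
import json
import unicodedata


def neutralize_for_log(value: str, max_len: int = 256) -> str:
    """Return value with every control, format, line- and paragraph-separator
    character replaced by its \\uXXXX escape, then length-capped.

    Unicode categories Cc, Cf, Zl and Zp cover CR, LF, VT, FF, NEL (U+0085),
    U+2028/U+2029 and the other characters str.splitlines() treats as record
    boundaries, so the result always occupies exactly one log line. The cap
    (an assumed policy value) stops one oversized field from flooding the log.
    """
    escaped = "".join(
        "\\u{:04x}".format(ord(ch))
        if unicodedata.category(ch) in ("Cc", "Cf", "Zl", "Zp") else ch
        for ch in value
    )
    if len(escaped) > max_len:
        escaped = escaped[:max_len] + "...[truncated]"
    return escaped


def format_bad(val: str) -> str:
    """The vulnerable pattern: raw request input concatenated into the message."""
    return "INFO Failed to parse val = " + val


def format_neutralized(val: str) -> str:
    """Same message with the untrusted field neutralized first."""
    return "INFO Failed to parse val = " + neutralize_for_log(val)


def format_structured(val: str) -> str:
    """Structured alternative: one JSON object per line. json.dumps escapes
    control characters; ensure_ascii=True also escapes U+2028/U+2029, which
    would otherwise be written raw and split the record in some readers."""
    return json.dumps({"level": "INFO", "msg": "Failed to parse val", "val": val},
                      ensure_ascii=True)


def record_count(log_text: str) -> int:
    """Number of records a naive line-oriented log reader sees in log_text."""
    return len(log_text.splitlines())


# Constructed attacker-controlled value: the CR LF starts a fake second record.
FORGED = "abc\r\nINFO Login succeeded for user admin"
```

Running `record_count` over each formatter's output for `FORGED` shows the bad formatter producing two records and the other two producing one.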
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-6494 | Aap-mcp-server: aap mcp server: log injection allows social engineering attacks via unsanitized input | Red Hat Ansible Automation Platform 2 | 5.3 | Medium | 2026-04-17
CVE-2025-14684 | IBM Maximo Application Suite - Monitor Component uses Log Forging which is vulnerable to . | Maximo Application Suite - Monitor Component | 4.0 | Medium | 2026-03-25
CVE-2025-59784 | Log Pollution - Control Characters Not Escaped | 2N Access Commander | 6.5 (AI) | Medium (AI) | 2026-03-04
CVE-2025-12755 | Multiple vulnerabilities in IBM MQ Operator and Queue manager container images | MQ Operator | 4.0 | Medium | 2026-02-17
CVE-2025-11537 | Keycloak-server: sensitive headers shown in the http access logs | Red Hat Build of Keycloak | 5.0 | Medium | 2026-02-10
CVE-2026-1337 | Insufficient escaping of unicode characters in query log | Enterprise Edition | 6.1 (AI) | Medium (AI) | 2026-02-06
CVE-2025-66577 | cpp-httplib Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust | cpp-httplib | 5.3 | Medium | 2025-12-05
CVE-2025-20384 | Unauthenticated Log Injection in Splunk Enterprise | Splunk Enterprise | 5.3 | Medium | 2025-12-03
CVE-2025-36159 | IBM Concert Improper Log Neutralization | Concert | 6.2 | Medium | 2025-11-20
CVE-2025-11627 | Site Checkup AI Troubleshooting with Wizard and Tips for Each Issue <= 1.47 - Unauthenticated Log File Poisoning | Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue | 6.5 | Medium | 2025-10-30
CVE-2025-36081 | Multiple Vulnerabilities in IBM Concert Software. | Concert Software | 5.3 | Medium | 2025-10-28
CVE-2025-58580 | Injection via log file | Enterprise Analytics | 6.5 | Medium | 2025-10-06
CVE-2025-10217 | Hitachi Energy Asset Suite security vulnerability | Asset Suite | 4.3 (AI) | Medium (AI) | 2025-09-30
CVE-2025-54812 | Apache Log4cxx: Improper HTML escaping in HTMLLayout | Apache Log4cxx | 6.1 (AI) | Medium (AI) | 2025-08-22
CVE-2025-54813 | Apache Log4cxx: Improper escaping with JSONLayout | Apache Log4cxx | 5.3 (AI) | Medium (AI) | 2025-08-22
CVE-2025-54389 | AIDE improper output neutralization vulnerability | aide | 6.2 | Medium | 2025-08-14
CVE-2025-54656 | Apache Struts Extras: Improper Output Neutralization for Logs | Apache Struts Extras | 5.3 (AI) | Medium (AI) | 2025-07-30
CVE-2025-49846 | wire-ios accidentally logs message contents | wire-ios | 4.6 (AI) | Medium (AI) | 2025-07-03
CVE-2025-48432 | Django security vulnerability | Django | 4.0 | Medium | 2025-06-05
CVE-2024-13949 | Log Forging | ASPECT-Enterprise | 6.8 | Medium | 2025-05-22
CVE-2025-3942 | Improper Output Neutralization for Logs | Niagara Framework | 4.3 | Medium | 2025-05-22
CVE-2025-41429 | appleple a-blog cms security vulnerability | a-blog cms | 4.8 | Medium | 2025-05-19
CVE-2025-36625 | Log Poisoning in Nessus | Nessus | 4.3 | Medium | 2025-04-18
CVE-2024-52962 | Fortinet FortiAnalyzer security vulnerability | FortiAnalyzer | 5.0 | Medium | 2025-04-08
CVE-2024-9606 | Improper Output Neutralization for Logs in berriai/litellm | berriai/litellm | 7.5 | - | 2025-03-20
CVE-2024-12580 | Logs Debug Injection in danny-avila/librechat | danny-avila/librechat | 5.3 | - | 2025-03-20
CVE-2025-25294 | Envoy Gateway Log Injection Vulnerability | gateway | 5.3 | Medium | 2025-03-06
CVE-2025-23405 | Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Improper Output Neutralization For Logs | USB-C Blood Glucose Monitoring System Starter Kit Android Applications | 5.3 | Medium | 2025-02-28
CVE-2024-49355 | IBM OpenPages log manipulation | OpenPages with Watson | 5.3 | Medium | 2025-02-20
CVE-2024-56473 | IBM Aspera Shares Data Manipulation | Aspera Shares | 5.3 | Medium | 2025-02-05

Vulnerabilities classified as CWE-117 (Improper Output Neutralization for Logs) represent 81 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.