
CWE-117 (Improper Output Neutralization for Logs) — Vulnerability Class 81

81 vulnerabilities classified as CWE-117 (Improper Output Neutralization for Logs; the page title gives the name in Chinese). AI Chinese analysis included.

CWE-117 is an output neutralization weakness rather than an input validation weakness as such: the application takes externally supplied data (a username, a request header, a URL) and concatenates it into a log message without escaping the characters that the log format and its consumers treat as special. The classic exploit is a value containing CR/LF, which terminates the genuine entry and starts a forged one, letting an attacker fabricate events, bury real ones under noise, or trigger false alerts in whatever reads the log. The entries in the table below show the variants that occur in practice: ANSI escape sequences that rewrite what an operator sees in a terminal, content that executes as markup when entries are rendered in a web-based log viewer (stored cross-site scripting), one case titled as an arbitrary file write, and several cases where the same class is used for secrets or passwords written to logs in plaintext. The fix belongs at the logging boundary rather than in generic input validation: encode each untrusted field for the log context (escape or strip CR, LF, ESC and other control characters, and cap the length), or use a structured logging format in which values are emitted as quoted fields so that a field can never be mistaken for a record boundary. Treating every logged external value as untrusted keeps audit trails interpretable and preserves their evidentiary value.

MITRE CWE Description
The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.
Common Consequences (1)
Scope: Integrity, Confidentiality, Availability, Non-Repudiation
Impact: Modify Application Data, Hide Activities, Execute Unauthorized Code or Commands
Interpretation of the log files may be hindered or misdirected if an attacker can supply data to the application that is subsequently logged verbatim. In the most benign case, an attacker may be able to insert false entries into the log file by providing the application with input that includes appr…
Mitigations (3)
Implementation: Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Implementation: Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are i…
Implementation: Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
Examples (1)
The following web application code attempts to read an integer value from a request object. If the parseInt call fails, then the input is logged with an error message indicating what happened.
```java
String val = request.getParameter("val");
try {
    int value = Integer.parseInt(val);
} catch (NumberFormatException e) {
    // The raw request value is concatenated into the log message unchanged.
    log.info("Failed to parse val = " + val);
}
...
```
Bad · Java
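The following is an added example and is not code from the MITRE entry or from any product in the table below. It places the vulnerable concatenation from the Java example above beside a neutralizing helper of the kind the analysis paragraph describes (CR/LF escaping, control-character encoding, a length cap, and key="value" structuring). The class and method names (LogNeutralizer, forLog, kv, vulnerableMessage, hardenedMessage) and the attacker-controlled value are constructed for illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (hypothetical names); not code from the MITRE entry or any listed product.
public class LogNeutralizer {

    // Control characters other than TAB, CR and LF (those three are handled by name below),
    // including ESC (0x1B), which starts the ANSI sequences that can spoof terminal-rendered logs.
    private static final Pattern OTHER_CONTROL =
            Pattern.compile("[\\x00-\\x08\\x0B\\x0C\\x0E-\\x1F\\x7F]");

    // Cap per-field length so a single request cannot flood the audit trail.
    private static final int MAX_FIELD = 256;

    /** Encode one untrusted value so that it always occupies exactly one log line. */
    static String forLog(String untrusted) {
        if (untrusted == null) {
            return "null";
        }
        String s = untrusted;
        if (s.length() > MAX_FIELD) {
            s = s.substring(0, MAX_FIELD) + "...(truncated)";
        }
        // Escape the escape character first so the encoded output stays unambiguous.
        s = s.replace("\\", "\\\\")
             .replace("\r", "\\r")
             .replace("\n", "\\n")
             .replace("\t", "\\t");
        // Render every remaining control byte as \xNN instead of writing it raw.
        Matcher m = OTHER_CONTROL.matcher(s);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            String hex = String.format("\\x%02X", (int) m.group().charAt(0));
            m.appendReplacement(out, Matcher.quoteReplacement(hex));
        }
        m.appendTail(out);
        return out.toString();
    }

    /** key="value" field for structured log lines; embedded quotes are escaped as well. */
    static String kv(String key, String untrustedValue) {
        return key + "=\"" + forLog(untrustedValue).replace("\"", "\\\"") + "\"";
    }

    /** The pattern from the example above: the raw value is concatenated into the message. */
    static String vulnerableMessage(String val) {
        return "Failed to parse val = " + val;
    }

    /** Hardened form of the same message: the external field is neutralized first. */
    static String hardenedMessage(String val) {
        return "Failed to parse " + kv("val", val);
    }

    public static void main(String[] args) {
        // Constructed attacker input: a non-integer followed by CR LF and a forged audit
        // line, then an ANSI "erase line" sequence (ESC [ 2 K) that hides text on a terminal.
        String val = "abc\r\nINFO: user=admin action=login result=success\u001B[2K";
        try {
            Integer.parseInt(val);
        } catch (NumberFormatException e) {
            System.out.println("--- as written in the example above (two lines reach the log) ---");
            System.out.println("INFO: " + vulnerableMessage(val));
            System.out.println("--- neutralized (one line, control bytes made visible) ---");
            System.out.println("INFO: " + hardenedMessage(val));
        }
    }
}
```

Running the class shows the forged "user=admin" line appearing as a separate record in the first case and as an escaped fragment inside a single quoted field in the second. Escaping is applied per field, not to the finished message, so a legitimate line break in the format string is never altered. When the sink is a standard framework, the same neutralization can be applied centrally in the layout instead (for example Log4j 2's PatternLayout `%enc{%m}{CRLF}`), which protects every call site at once but does not replace the per-field approach where a log viewer renders HTML.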
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-0754 | Envoyproxy: openshift service mesh 2.6.3 and 2.5.6 envoy header handling allows log injection and potential spoofing | | 4.3 | Medium | 2025-01-28 |
| CVE-2024-35150 | IBM Maximo Application Suite log manipulation | Maximo Application Suite | 5.3 | Medium | 2025-01-25 |
| CVE-2024-52891 | IBM Concert Software log manipulation | Concert Software | 5.4 | Medium | 2025-01-07 |
| CVE-2024-7696 | AXIS Camera Station Pro security vulnerability | AXIS Camera Station Pro | 6.3 | Medium | 2025-01-07 |
| CVE-2024-47083 | Power Platform Terraform Provider has Improper Masking of Secrets in Logs | terraform-provider-power-platform | 6.5 (AI) | Medium (AI) | 2024-09-25 |
| CVE-2024-45808 | Malicious log injection via access logs in envoy | envoy | 6.5 | Medium | 2024-09-19 |
| CVE-2024-8334 | master-nan Sweet-CMS log.go LogHandler neutralization for logs | Sweet-CMS | 4.3 | Medium | 2024-08-30 |
| CVE-2024-8297 | kitsada8621 Digital Library Management System jwt_refresh_token_middleware.go JwtRefreshAuth neutralization for logs | Digital Library Management System | 5.3 | Medium | 2024-08-29 |
| CVE-2024-23194 | Gallagher Command Centre security vulnerability | Command Centre | 3.3 | Low | 2024-07-11 |
| CVE-2024-0095 | CVE | NVIDIA Triton Inference Server | 4.3 | Critical | 2024-06-13 |
| CVE-2023-28952 | IBM Cognos Controller log injection | Cognos Controller | 5.3 | Medium | 2024-05-03 |
| CVE-2023-39461 | Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability | SCADA Data Gateway | 8.8 | - | 2024-05-03 |
| CVE-2024-25047 | IBM Cognos Analytics log injection | Cognos Analytics | 8.6 | High | 2024-05-02 |
| CVE-2023-6484 | Keycloak: log injection during webauthn authentication or registration | | 5.3 | Medium | 2024-04-25 |
| CVE-2024-1681 | Log Injection Vulnerability in corydolphin/flask-cors | corydolphin/flask-cors | 6.5 | - | 2024-04-19 |
| CVE-2024-22356 | IBM App Connect Enterprise and IBM Integration Bus for z/OS information disclosure | App Connect Enterprise | 4.9 | Medium | 2024-03-26 |
| CVE-2024-0690 | Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration | | 5.0 | Medium | 2024-02-06 |
| CVE-2023-38020 | IBM SOAR QRadar Plugin App log injection | SOAR QRadar Plugin App | 4.3 | Medium | 2024-02-02 |
| CVE-2024-0987 | Sichuan Yougou Technology KuERP log neutralization for logs | KuERP | 6.3 | Medium | 2024-01-29 |
| CVE-2024-22229 | Dell Unity security vulnerability | Unity | 3.1 | Low | 2024-01-24 |
| CVE-2023-7234 | Integration Objects OPC UA Server Toolkit Improper Output Neutralization for Logs | OPC UA Server Toolkit | 5.3 | Medium | 2024-01-16 |
| CVE-2023-46713 | Fortinet FortiWeb security vulnerability | FortiWeb | 4.9 | Medium | 2023-12-13 |
| CVE-2023-6002 | Log Injection | YugabyteDB | 6.5 | Medium | 2023-11-07 |
| CVE-2023-4065 | Operator: plaintext password in operator log | RHEL-8 based Middleware Containers | 5.5 | Medium | 2023-09-26 |
| CVE-2023-4571 | Unauthenticated Log Injection in Splunk IT Service Intelligence (ITSI) | Splunk ITSI | 8.6 | High | 2023-08-30 |
| CVE-2023-3997 | Unauthenticated Log Injection In Splunk SOAR | Splunk SOAR (On-premises) | 8.6 | High | 2023-07-31 |
| CVE-2023-37275 | System logs spoofable in Auto-GPT via ANSI control sequences | Auto-GPT | 3.1 | Low | 2023-07-13 |
| CVE-2023-36924 | Log Injection vulnerability in SAP ERP Defense Forces and Public Security | SAP ERP Defense Forces and Public Security | 4.9 | Medium | 2023-07-11 |
| CVE-2023-31405 | Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer) | SAP NetWeaver AS for Java (Log Viewer) | 5.3 | Medium | 2023-07-11 |
| CVE-2023-32712 | Unauthenticated Log Injection in Splunk Enterprise | Splunk Enterprise | 8.6 | High | 2023-06-01 |

Values marked (AI) are those the page flags as AI-estimated rather than taken from the CVE record; "-" means no severity was listed.

Vulnerabilities classified as CWE-117 (Improper Output Neutralization for Logs) account for 81 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.