Miggo Logo
Miggo Vulnerability Database
CVE-2021-22096

CVE-2021-22096:
Improper Output Neutralization for Logs in Spring Framework

4.3

CVSS Score
3.1

Basic Information

CVE ID
CVE-2021-22096
GHSA ID
GHSA-rfmp-97jj-h8m6
EPSS Score
0.37667%
CWE
CWE-117
Published
5/24/2022
Updated
7/19/2024
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.springframework:spring-coremaven>= 5.3.0, <= 5.3.105.3.11
org.springframework:spring-coremaven>= 5.2.0, <= 5.2.175.2.18
org.springframework:springmaven>= 5.2.0, <= 5.2.175.2.18
org.springframework:springmaven>= 5.3.0, <= 5.3.105.3.11

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The provided information describes the vulnerability (CVE-2021-22096) as improper log output neutralization in Spring Framework, but it does not include commit diffs, GitHub patch details, or specific code examples. While the vulnerability is linked to logging functions that fail to sanitize user input, the exact functions and their file paths cannot be identified with high confidence without access to the patched code changes or explicit documentation of the affected components. The advisory references general Spring Framework versions and CWE-117, but insufficient technical details are provided to pinpoint specific vulnerable functions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

In Sprin* *r*m*work v*rsions *.*.* - *.*.**, *.*.* - *.*.**, *n* ol**r unsupport** v*rsions, it is possi*l* *or * us*r to provi** m*li*ious input to **us* t** ins*rtion o* ***ition*l lo* *ntri*s.

Reasoning

T** provi*** in*orm*tion **s*ri**s t** vuln*r**ility (*V*-****-*****) *s improp*r lo* output n*utr*liz*tion in Sprin* *r*m*work, *ut it *o*s not in*lu** *ommit *i**s, *it*u* p*t** **t*ils, or sp**i*i* *o** *x*mpl*s. W*il* t** vuln*r**ility is link**