Tag
cwe-117
Safeguard articles tagged "cwe-117" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Vulnerability Guides
Log Injection: How Attackers Poison Your Logs (and How to Stop Them)
Logs are supposed to be your source of truth during an incident. Log injection lets attackers forge entries, break parsers, and — in the worst cases — trigger code execution from a log line.
Jul 4, 20265 min read
Application Security
How to prevent log injection vulnerabilities in Java
Log injection let attackers turn Log4j logging calls into remote code execution in 2021. Here's how CWE-117 works in Java and how to stop it.
May 2, 20266 min read
Industry Analysis
Logging Vulnerabilities: Log Injection and Sensitive Data...
Log4Shell, plaintext password logs, and CRLF injection show how logging vulnerabilities turn debug output into a full-blown breach vector for attackers.
Oct 29, 20258 min read