Common Weakness Enumeration

CWE-532

Allowed

Insertion of Sensitive Information into Log File

Abstraction: Base · Status: Incomplete

The product writes sensitive information to a log file.

1744 vulnerabilities reference this CWE, most recent first.

GHSA-MFQR-WP5F-9GJ8

Vulnerability from github – Published: 2024-09-12 15:33 – Updated: 2024-09-19 15:30
VLAI
Details

Possible Insertion of Sensitive Information into Log File Vulnerability

in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22533"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-12T13:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Possible Insertion of Sensitive Information into Log File Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory 9.2.4.0000.",
  "id": "GHSA-mfqr-wp5f-9gj8",
  "modified": "2024-09-19T15:30:48Z",
  "published": "2024-09-12T15:33:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22533"
    },
    {
      "type": "WEB",
      "url": "https://www.netiq.com/documentation/edirectory-92/edirectory925_releasenotes/data/edirectory925_releasenotes.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MG6R-7GCG-995G

Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2022-05-24 17:39
VLAI
Details

A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1226"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-13T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM \u0026amp; Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.",
  "id": "GHSA-mg6r-7gcg-995g",
  "modified": "2022-05-24T17:39:11Z",
  "published": "2022-05-24T17:39:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1226"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-logging-6QSWKRYz"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MG7R-RGFR-MMJ9

Vulnerability from github – Published: 2022-05-17 02:20 – Updated: 2022-05-17 02:20
VLAI
Details

rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-3243"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-25T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.",
  "id": "GHSA-mg7r-rgfr-mmj9",
  "modified": "2022-05-17T02:20:39Z",
  "published": "2022-05-17T02:20:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3243"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232826"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/06/18/12"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/06/20/3"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/75298"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032885"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MGH5-4H95-QJ4P

Vulnerability from github – Published: 2020-06-03 22:02 – Updated: 2021-07-29 17:51
VLAI
Summary
Information Exposure in Snyk Broker
Details

All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "snyk-broker"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.73.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-7654"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-01T19:41:28Z",
    "nvd_published_at": "2020-05-29T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.",
  "id": "GHSA-mgh5-4h95-qj4p",
  "modified": "2021-07-29T17:51:23Z",
  "published": "2020-06-03T22:02:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7654"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613"
    },
    {
      "type": "WEB",
      "url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Information Exposure in Snyk Broker"
}

GHSA-MGH9-332F-65F9

Vulnerability from github – Published: 2022-10-21 19:01 – Updated: 2022-10-24 19:00
VLAI
Details

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-31239"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-21T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data.",
  "id": "GHSA-mgh9-332f-65f9",
  "modified": "2022-10-24T19:00:22Z",
  "published": "2022-10-21T19:01:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31239"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update?lang=en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MH5R-54WV-3957

Vulnerability from github – Published: 2025-07-30 00:32 – Updated: 2025-11-03 21:34
VLAI
Details

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.6, iPadOS 17.7.9, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to access sensitive user data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-43225"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-30T00:15:34Z",
    "severity": "MODERATE"
  },
  "details": "A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.6, iPadOS 17.7.9, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to access sensitive user data.",
  "id": "GHSA-mh5r-54wv-3957",
  "modified": "2025-11-03T21:34:14Z",
  "published": "2025-07-30T00:32:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43225"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/124148"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/124149"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/124150"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/124151"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Jul/31"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Jul/32"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Jul/33"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Jul/34"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MH7P-2P63-76H2

Vulnerability from github – Published: 2022-05-14 01:35 – Updated: 2022-05-14 01:35
VLAI
Details

The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of ZTE/Z971/peony:7.1.1/NMF26V/20171129.143111:user/release-keys, the ZTE ZMAX Pro Android device with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contain a pre-installed platform app with a package name of com.android.modem.service (versionCode=25, versionName=7.1.1; versionCode=23, versionName=6.0.1) that exports an interface to any app on co-located on the device. Using the exported interface of the com.android.modem.service app, any app can enable and obtain certain log files (modem and logcat) without the appropriate corresponding access permissions. The modem logs contain the phone number and full text body of incoming and outgoing text messages in binary format. In addition, the modem log contains the phone numbers for both incoming and outgoing phone calls. The system-wide logcat logs (those obtained via the logcat binary) tend to contain sensitive user data. Third-party apps are prevented from directly reading the system-wide logcat logs. The capability to read from the system-wide logcat logs is only available to pre-installed system apps and platform apps. The modem log and/or logcat log, once activated, get written to external storage (SD card). An app aware of this vulnerability can enable the logs, parse them for relevant data, and exfiltrate them from the device. The modem log and logcat log are inactive by default, but a third-party app with no permissions can activate them, although the app will need to be granted the READ_EXTERNAL_STORAGE permission to access them.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-14995"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-28T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of ZTE/Z971/peony:7.1.1/NMF26V/20171129.143111:user/release-keys, the ZTE ZMAX Pro Android device with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contain a pre-installed platform app with a package name of com.android.modem.service (versionCode=25, versionName=7.1.1; versionCode=23, versionName=6.0.1) that exports an interface to any app on co-located on the device. Using the exported interface of the com.android.modem.service app, any app can enable and obtain certain log files (modem and logcat) without the appropriate corresponding access permissions. The modem logs contain the phone number and full text body of incoming and outgoing text messages in binary format. In addition, the modem log contains the phone numbers for both incoming and outgoing phone calls. The system-wide logcat logs (those obtained via the logcat binary) tend to contain sensitive user data. Third-party apps are prevented from directly reading the system-wide logcat logs. The capability to read from the system-wide logcat logs is only available to pre-installed system apps and platform apps. The modem log and/or logcat log, once activated, get written to external storage (SD card). An app aware of this vulnerability can enable the logs, parse them for relevant data, and exfiltrate them from the device. The modem log and logcat log are inactive by default, but a third-party app with no permissions can activate them, although the app will need to be granted the READ_EXTERNAL_STORAGE permission to access them.",
  "id": "GHSA-mh7p-2p63-76h2",
  "modified": "2022-05-14T01:35:49Z",
  "published": "2022-05-14T01:35:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14995"
    },
    {
      "type": "WEB",
      "url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018"
    },
    {
      "type": "WEB",
      "url": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MHJJ-G9CV-766W

Vulnerability from github – Published: 2022-05-14 03:37 – Updated: 2022-05-14 03:37
VLAI
Details

The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-7433"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-02T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page.",
  "id": "GHSA-mhjj-g9cv-766w",
  "modified": "2022-05-14T03:37:08Z",
  "published": "2022-05-14T03:37:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7433"
    },
    {
      "type": "WEB",
      "url": "https://wordpress.org/plugins/better-wp-security/#developers"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MHP8-7XP2-CHW4

Vulnerability from github – Published: 2025-07-29 06:30 – Updated: 2025-07-29 06:30
VLAI
Details

"SwitchBot" App for iOS/Android contains an insertion of sensitive information into log file vulnerability in versions V6.24 through V9.12. If this vulnerability is exploited, sensitive user information may be exposed to an attacker who has access to the application logs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-53649"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-29T05:15:32Z",
    "severity": "MODERATE"
  },
  "details": "\"SwitchBot\" App for iOS/Android contains an insertion of sensitive information into log file vulnerability in versions V6.24 through V9.12. If this vulnerability is exploited, sensitive user information may be exposed to an attacker who has access to the application logs.",
  "id": "GHSA-mhp8-7xp2-chw4",
  "modified": "2025-07-29T06:30:21Z",
  "published": "2025-07-29T06:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53649"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN59585716"
    },
    {
      "type": "WEB",
      "url": "https://www.switchbot.jp/pages/switchbot-app-vulnerability-fix202507"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-MJ96-MH85-R574

Vulnerability from github – Published: 2025-07-21 19:12 – Updated: 2025-07-21 19:12
VLAI
Summary
buildalon/setup-steamcmd leaked authentication token in job output logs
Details

Summary

Log output includes authentication token that provides full account access

Details

The post job action prints the contents of config/config.vdf which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves authentication tokes for the associated steam accounts publicly available. Additionally, userdata/$user_id$/config/localconfig.vdf contains potentially sensitive information which should not be included in public logs.

PoC

Use the following workflow step

steps:
      - name: Setup SteamCMD
        uses: buildalon/setup-steamcmd@v1.0.4

      - name: Sign into steam
        shell: bash
        run: |
          steamcmd +login ${{ secrets.WORKSHOP_USERNAME }} ${{ secrets.WORKSHOP_PASSWORD }} +quit

Impact

Anyone who has used this workflow action with a steam account is affected and has had valid authentication tokens leaked in the job logs. This is particularly bad for public repositories, as anyone with a GitHub account can access the logs and view the token.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "GitHub Actions",
        "name": "buildalon/setup-steamcmd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-21T19:12:48Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\nLog output includes authentication token that provides full account access\n\n### Details\nThe post job action prints the contents of `config/config.vdf` which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves authentication tokes for the associated steam accounts publicly available. Additionally, `userdata/$user_id$/config/localconfig.vdf` contains potentially sensitive information which should not be included in public logs.\n\n### PoC\nUse the following workflow step\n```\nsteps:\n      - name: Setup SteamCMD\n        uses: buildalon/setup-steamcmd@v1.0.4\n\n      - name: Sign into steam\n        shell: bash\n        run: |\n          steamcmd +login ${{ secrets.WORKSHOP_USERNAME }} ${{ secrets.WORKSHOP_PASSWORD }} +quit\n```\n\n### Impact\nAnyone who has used this workflow action with a steam account is affected and has had valid authentication tokens leaked in the job logs. This is particularly bad for public repositories, as anyone with a GitHub account can access the logs and view the token.",
  "id": "GHSA-mj96-mh85-r574",
  "modified": "2025-07-21T19:12:48Z",
  "published": "2025-07-21T19:12:48Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/buildalon/setup-steamcmd/security/advisories/GHSA-mj96-mh85-r574"
    },
    {
      "type": "WEB",
      "url": "https://github.com/buildalon/setup-steamcmd/commit/c3301963a182b14fd7a5b4991e6ae91ed39e4a5c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/buildalon/setup-steamcmd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "buildalon/setup-steamcmd leaked authentication token in job output logs"
}

Mitigation
Architecture and Design Implementation

Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.

Mitigation
Distribution

Remove debug log files before deploying the application into production.

Mitigation
Operation

Protect log files against unauthorized read/write.

Mitigation
Implementation

Adjust configurations appropriately when software is transitioned from a debug state to production.

CAPEC-215: Fuzzing for application mapping

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.