CWE-532
AllowedInsertion of Sensitive Information into Log File
Abstraction: Base · Status: Incomplete
The product writes sensitive information to a log file.
1739 vulnerabilities reference this CWE, most recent first.
GHSA-VX74-PG4C-JQ5Q
Vulnerability from github – Published: 2024-03-14 18:30 – Updated: 2024-03-14 18:30Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2316.5.1.2 may allow an authenticated user to potentially enable information disclosure via local access.
{
"affected": [],
"aliases": [
"CVE-2023-27502"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-14T17:15:50Z",
"severity": "LOW"
},
"details": "Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2316.5.1.2 may allow an authenticated user to potentially enable information disclosure via local access.",
"id": "GHSA-vx74-pg4c-jq5q",
"modified": "2024-03-14T18:30:30Z",
"published": "2024-03-14T18:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27502"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00923.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VX87-P8VV-J974
Vulnerability from github – Published: 2024-03-31 21:30 – Updated: 2026-04-28 21:34Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Mailchimp Add On pmpro-mailchimp.This issue affects Paid Memberships Pro – Mailchimp Add On: from n/a through 2.3.4.
{
"affected": [],
"aliases": [
"CVE-2024-30523"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-31T19:15:46Z",
"severity": "MODERATE"
},
"details": "Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro \u2013 Mailchimp Add On pmpro-mailchimp.This issue affects Paid Memberships Pro \u2013 Mailchimp Add On: from n/a through 2.3.4.",
"id": "GHSA-vx87-p8vv-j974",
"modified": "2026-04-28T21:34:27Z",
"published": "2024-03-31T21:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30523"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/pmpro-mailchimp/wordpress-paid-memberships-pro-mailchimp-add-on-plugin-2-3-4-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VX9J-G89F-RRVX
Vulnerability from github – Published: 2026-06-11 00:32 – Updated: 2026-07-07 15:32An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so.
{
"affected": [],
"aliases": [
"CVE-2026-0267"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-10T22:16:53Z",
"severity": "MODERATE"
},
"details": "An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so.",
"id": "GHSA-vx9j-g89f-rrvx",
"modified": "2026-07-07T15:32:50Z",
"published": "2026-06-11T00:32:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0267"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2024-8687"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2026-0267"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber",
"type": "CVSS_V4"
}
]
}
GHSA-VXC5-78F8-RHP4
Vulnerability from github – Published: 2024-04-30 15:30 – Updated: 2024-06-14 15:31Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext.
This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8.
{
"affected": [],
"aliases": [
"CVE-2024-2877"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-30T15:15:52Z",
"severity": "MODERATE"
},
"details": "Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext.\n\nThis vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8.",
"id": "GHSA-vxc5-78f8-rhp4",
"modified": "2024-06-14T15:31:24Z",
"published": "2024-04-30T15:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2877"
},
{
"type": "WEB",
"url": "https://discuss.hashicorp.com/t/hsec-2024-10-vault-enterprise-leaks-sensitive-http-request-headers-in-audit-log-when-deployed-with-a-performance-standby-node"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240614-0002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VXG3-W9RV-RHR2
Vulnerability from github – Published: 2025-08-28 16:46 – Updated: 2025-08-28 16:46This is the same vulnerability as https://github.com/edgelesssys/contrast/security/advisories/GHSA-h5f8-crrq-4pw8. The original vulnerability had been fixed for release v1.8.1, but the fix was not ported to the main branch and thus not present in releases v1.9.0 ff.
Below is a brief repetition of the relevant sections from the first GHSA, where you can find the full details.
Impact
- Workload secrets are visible to Kubernetes users with
getorlistpermission onpods/logs, and thus need to be considered compromised. - Since workload secrets are used for encrypted storage and Vault integration, those need to be considered compromised, too.
Patches
Patches:
- https://github.com/edgelesssys/contrast/commit/5a5512c4af63c17bb66331e7bd2768a863b2f225
- https://github.com/edgelesssys/contrast/commit/cf58026b30c43fe7df91eac5322da02e1725d554
The patches are released with v1.12.2 and v1.13.0 (not yet published). Since the secrets are compromised, Contrast needs to be initialized from scratch.
Workarounds
Existing workload secrets are compromised. The Contrast cluster needs to be newly initialized, and logging needs to be turned off.
References
First occurrence: * https://github.com/edgelesssys/contrast/security/advisories/GHSA-h5f8-crrq-4pw8
We are defining a process for handling GHSAs that should prevent such regressions in the future: * https://github.com/edgelesssys/contrast/pull/1739
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.12.1"
},
"package": {
"ecosystem": "Go",
"name": "github.com/edgelesssys/contrast"
},
"ranges": [
{
"events": [
{
"introduced": "1.9.0"
},
{
"fixed": "1.12.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2025-08-28T16:46:40Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "This is the same vulnerability as https://github.com/edgelesssys/contrast/security/advisories/GHSA-h5f8-crrq-4pw8. The original vulnerability had been fixed for release `v1.8.1`, but the fix was not ported to the main branch and thus not present in releases `v1.9.0` ff.\n\nBelow is a brief repetition of the relevant sections from the first GHSA, where you can find the full details.\n\n### Impact\n\n* [Workload secrets](https://docs.edgeless.systems/contrast/1.11/architecture/secrets#workload-secrets) are visible to Kubernetes users with `get` or `list` permission on `pods/logs`, and thus need to be considered compromised.\n* Since workload secrets are used for [encrypted storage](https://docs.edgeless.systems/contrast/1.11/howto/encrypted-storage) and [Vault integration](https://docs.edgeless.systems/contrast/1.11/howto/vault), those need to be considered compromised, too.\n\n### Patches\n\nPatches:\n\n* https://github.com/edgelesssys/contrast/commit/5a5512c4af63c17bb66331e7bd2768a863b2f225\n* https://github.com/edgelesssys/contrast/commit/cf58026b30c43fe7df91eac5322da02e1725d554\n\nThe patches are released with `v1.12.2` and `v1.13.0` (not yet published). Since the secrets are compromised, Contrast needs to be initialized from scratch.\n\n### Workarounds\n\nExisting workload secrets are compromised. The Contrast cluster needs to be newly initialized, and logging needs to be turned off. \n\n### References\n\nFirst occurrence:\n* https://github.com/edgelesssys/contrast/security/advisories/GHSA-h5f8-crrq-4pw8\n\nWe are defining a process for handling GHSAs that should prevent such regressions in the future:\n* https://github.com/edgelesssys/contrast/pull/1739",
"id": "GHSA-vxg3-w9rv-rhr2",
"modified": "2025-08-28T16:46:40Z",
"published": "2025-08-28T16:46:40Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/edgelesssys/contrast/security/advisories/GHSA-h5f8-crrq-4pw8"
},
{
"type": "WEB",
"url": "https://github.com/edgelesssys/contrast/security/advisories/GHSA-vxg3-w9rv-rhr2"
},
{
"type": "WEB",
"url": "https://github.com/edgelesssys/contrast/pull/1739"
},
{
"type": "WEB",
"url": "https://github.com/edgelesssys/contrast/commit/5a5512c4af63c17bb66331e7bd2768a863b2f225"
},
{
"type": "WEB",
"url": "https://github.com/edgelesssys/contrast/commit/cf58026b30c43fe7df91eac5322da02e1725d554"
},
{
"type": "PACKAGE",
"url": "https://github.com/edgelesssys/contrast"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Contrast leaks workload secrets to logs on INFO level"
}
GHSA-VXVM-QWW3-2FH7
Vulnerability from github – Published: 2023-08-29 18:31 – Updated: 2025-11-03 21:30Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed.
Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default).
This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0).
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "mongodb/mongodb"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.9.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "mongodb"
},
"ranges": [
{
"events": [
{
"introduced": "3.6.0"
},
{
"fixed": "3.6.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "mongodb"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.17.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "mongodb"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.8.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "SwiftURL",
"name": "github.com/mongodb/mongo-swift-driver"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-32050"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2023-08-30T21:20:44Z",
"nvd_published_at": "2023-08-29T16:15:08Z",
"severity": "MODERATE"
},
"details": "Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed.\n\nWithout due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default).\n\nThis issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0).",
"id": "GHSA-vxvm-qww3-2fh7",
"modified": "2025-11-03T21:30:53Z",
"published": "2023-08-29T18:31:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32050"
},
{
"type": "WEB",
"url": "https://github.com/mongodb/mongo-php-driver/pull/1235"
},
{
"type": "WEB",
"url": "https://github.com/mongodb/mongo-swift-driver/pull/643"
},
{
"type": "WEB",
"url": "https://github.com/mongodb/mongo-php-driver/commit/4495de8313c0d313e4dde906fc7aedf998ee3748"
},
{
"type": "WEB",
"url": "https://github.com/mongodb/node-mongodb-native/commit/8c8b4c3b8c55f10fb96f63d3bbfa5d408b4ed7d0"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/CDRIVER-3797"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/CXX-2028"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/NODE-3356"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/PHPC-1869"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/SWIFT-1229"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231006-0001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "MongoDB Driver may publish events containing authentication-related data"
}
GHSA-VXWR-95XC-XXRG
Vulnerability from github – Published: 2022-05-13 01:15 – Updated: 2022-05-13 01:15A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1.
{
"affected": [],
"aliases": [
"CVE-2019-0032"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-10T20:29:00Z",
"severity": "HIGH"
},
"details": "A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1.",
"id": "GHSA-vxwr-95xc-xxrg",
"modified": "2022-05-13T01:15:22Z",
"published": "2022-05-13T01:15:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0032"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA10921"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/KB27572"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107885"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W2MG-Q8WX-4HQP
Vulnerability from github – Published: 2022-11-14 19:00 – Updated: 2022-11-17 03:30IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user.
{
"affected": [],
"aliases": [
"CVE-2022-35719"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-14T17:15:00Z",
"severity": "MODERATE"
},
"details": "IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user.",
"id": "GHSA-w2mg-q8wx-4hqp",
"modified": "2022-11-17T03:30:51Z",
"published": "2022-11-14T19:00:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35719"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/231370"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6838559"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W369-F878-VGMJ
Vulnerability from github – Published: 2023-11-14 21:31 – Updated: 2023-11-14 21:31Insertion of sensitive information into log file in some Intel(R) On Demand software before versions 1.16.2, 2.1.1, 3.1.0 may allow an authenticated user to potentially enable information disclosure via local access.
{
"affected": [],
"aliases": [
"CVE-2023-32283"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-14T19:15:25Z",
"severity": "MODERATE"
},
"details": "Insertion of sensitive information into log file in some Intel(R) On Demand software before versions 1.16.2, 2.1.1, 3.1.0 may allow an authenticated user to potentially enable information disclosure via local access.",
"id": "GHSA-w369-f878-vgmj",
"modified": "2023-11-14T21:31:02Z",
"published": "2023-11-14T21:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32283"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00914.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W427-3XRR-2CCQ
Vulnerability from github – Published: 2024-02-17 18:30 – Updated: 2024-02-17 18:30IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 in some circumstances will log some sensitive information about invalid authorization attempts. IBM X-Force ID: 275747.
{
"affected": [],
"aliases": [
"CVE-2023-50951"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-17T16:15:46Z",
"severity": "MODERATE"
},
"details": "IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 in some circumstances will log some sensitive information about invalid authorization attempts. IBM X-Force ID: 275747.",
"id": "GHSA-w427-3xrr-2ccq",
"modified": "2024-02-17T18:30:31Z",
"published": "2024-02-17T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50951"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275747"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7118604"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Remove debug log files before deploying the application into production.
Mitigation
Protect log files against unauthorized read/write.
Mitigation
Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.