Common Weakness Enumeration

CWE-75

Discouraged

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

Abstraction: Class · Status: Draft

The product does not adequately filter user-controlled input for special elements with control implications.

59 vulnerabilities reference this CWE, most recent first.

GHSA-C8Q2-82X8-W4XJ

Vulnerability from github – Published: 2024-10-17 03:31 – Updated: 2024-10-17 03:31
VLAI
Details

The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from submitted forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views form submissions in their email.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-9940"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-75",
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-17T02:15:04Z",
    "severity": "MODERATE"
  },
  "details": "The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from submitted forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views form submissions in their email.",
  "id": "GHSA-c8q2-82x8-w4xj",
  "modified": "2024-10-17T03:31:31Z",
  "published": "2024-10-17T03:31:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9940"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3168950%40calculated-fields-form\u0026new=3168950%40calculated-fields-form\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2c9f6a5-8698-4452-bf0a-c1d796b2fdad?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CVG2-7C3J-G36J

Vulnerability from github – Published: 2023-12-18 19:31 – Updated: 2023-12-18 19:31
VLAI
Summary
Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri
Details

Keycloak prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This could permit an attacker to submit a specially crafted request leading to XSS or possibly further attacks.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-services"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "23.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-6134"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-75"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-18T19:31:02Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "Keycloak prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This could permit an attacker to submit a specially crafted request leading to XSS or possibly further attacks.",
  "id": "GHSA-cvg2-7c3j-g36j",
  "modified": "2023-12-18T19:31:02Z",
  "published": "2023-12-18T19:31:02Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-cvg2-7c3j-g36j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/commit/15a21bf8e4fb71f006ba9caf25b9c9d1d152cd20"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:7854"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:7855"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:7856"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:7857"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:7858"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:7860"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:7861"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-6134"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/keycloak/keycloak"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri"
}

GHSA-F52W-FF63-7F4C

Vulnerability from github – Published: 2023-02-09 21:30 – Updated: 2023-02-17 21:30
VLAI
Details

A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-23912"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-75",
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-09T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.",
  "id": "GHSA-f52w-ff63-7f4c",
  "modified": "2023-02-17T21:30:41Z",
  "published": "2023-02-09T21:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23912"
    },
    {
      "type": "WEB",
      "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FG3W-VV3R-VRGH

Vulnerability from github – Published: 2024-03-05 15:32 – Updated: 2025-03-28 18:32
VLAI
Details

A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19. This vulnerability arises from inadequate sanitization of user-supplied input in the 'Code' section of the module. As a result, authenticated users with administrative privileges can inject and execute arbitrary PHP code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27622"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-75"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-05T14:15:49Z",
    "severity": "HIGH"
  },
  "details": "A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19. This vulnerability arises from inadequate sanitization of user-supplied input in the \u0027Code\u0027 section of the module. As a result, authenticated users with administrative privileges can inject and execute arbitrary PHP code.",
  "id": "GHSA-fg3w-vv3r-vrgh",
  "modified": "2025-03-28T18:32:49Z",
  "published": "2024-03-05T15:32:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27622"
    },
    {
      "type": "WEB",
      "url": "https://github.com/capture0x/CMSMadeSimple"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/177241/CMS-Made-Simple-2.2.19-Remote-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/pwning-cmsms-via-user-defined-tags-for-fun-and-learning-cve-2024-27622-27623"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FJ7X-Q9J7-G6Q6

Vulnerability from github – Published: 2024-03-19 06:30 – Updated: 2024-03-20 15:24
VLAI
Summary
Black vulnerable to Regular Expression Denial of Service (ReDoS)
Details

Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service.

Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "black"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "24.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-21503"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333",
      "CWE-75"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-20T15:24:01Z",
    "nvd_published_at": "2024-03-19T05:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service.\n\nExploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.",
  "id": "GHSA-fj7x-q9j7-g6q6",
  "modified": "2024-03-20T15:24:01Z",
  "published": "2024-03-19T06:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21503"
    },
    {
      "type": "WEB",
      "url": "https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/psf/black"
    },
    {
      "type": "WEB",
      "url": "https://github.com/psf/black/releases/tag/24.3.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/black/PYSEC-2024-48.yaml"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-PYTHON-BLACK-6256273"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Black vulnerable to Regular Expression Denial of Service (ReDoS)"
}

GHSA-G359-P277-83P3

Vulnerability from github – Published: 2025-01-22 00:33 – Updated: 2025-01-22 15:32
VLAI
Details

A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An attacker with authenticated access can exploit this vulnerability to execute arbitrary commands on the server. The issue has been fixed in the latest versions of Ambari.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-51941"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-75",
      "CWE-77",
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-21T22:15:12Z",
    "severity": "HIGH"
  },
  "details": "A remote code injection vulnerability exists in the Ambari Metrics and \nAMS Alerts feature, allowing authenticated users to inject and execute \narbitrary code. The vulnerability occurs when processing alert \ndefinitions, where malicious input can be injected into the alert script\n execution path. An attacker with authenticated access can exploit this \nvulnerability to execute arbitrary commands on the server. The issue has\n been fixed in the latest versions of Ambari.",
  "id": "GHSA-g359-p277-83p3",
  "modified": "2025-01-22T15:32:33Z",
  "published": "2025-01-22T00:33:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51941"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/xq50nlff7o7z1kq3y637clzzl6mjhl8j"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/01/21/9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H2C6-38HV-3JWX

Vulnerability from github – Published: 2023-01-15 03:30 – Updated: 2023-01-24 18:30
VLAI
Details

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-0302"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-74",
      "CWE-75"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-15T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2.",
  "id": "GHSA-h2c6-38hv-3jwx",
  "modified": "2023-01-24T18:30:32Z",
  "published": "2023-01-15T03:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0302"
    },
    {
      "type": "WEB",
      "url": "https://github.com/radareorg/radare2/commit/961f0e723903011d4f54c2396e44efa91fcc74ce"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/583133af-7ae6-4a21-beef-a4b0182cf82e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HWVQ-6GJX-J797

Vulnerability from github – Published: 2021-08-23 19:40 – Updated: 2024-10-01 21:17
VLAI
Summary
Special Element Injection in notebook
Details

Impact

Untrusted notebook can execute code on load. This is a remote code execution, but requires user action to open a notebook.

Patches

5.7.11, 6.4.1

References

OWASP Page on Injection Prevention

For more information

If you have any questions or comments about this advisory, or vulnerabilities to report, please email our security list security@ipython.org.

Credit: Guillaume Jeanne from Google

Example:

A notebook with the following content in a cell and it would display an alert when opened for the first time in Notebook (in an untrusted state):

``` { "cell_type": "code", "execution_count": 0, "metadata": {}, "outputs": [ { "data": { "text/html": [ "\n"], "text/plain": [] }, "metadata": {}, "output_type": "display_data" } ], "source": [ "" ] } ````

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "notebook"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.7.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "notebook"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-32798"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-75",
      "CWE-79",
      "CWE-80"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-23T16:44:43Z",
    "nvd_published_at": "2021-08-09T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nUntrusted notebook can execute code on load. This is a remote code execution, but requires user action to open a notebook.\n\n### Patches\n\n5.7.11, 6.4.1\n\n### References\n\n[OWASP Page on Injection Prevention](https://cheatsheetseries.owasp.org/cheatsheets/Injection_Prevention_Cheat_Sheet.html#injection-prevention-rules)\n\n### For more information\n\nIf you have any questions or comments about this advisory, or vulnerabilities to report, please email our security list security@ipython.org.\n\nCredit: Guillaume Jeanne from Google\n\n\n### Example:\n\nA notebook with the following content in a cell and it would display an alert when opened for the first time in Notebook (in an untrusted state):\n\n```\n{ \"cell_type\": \"code\", \"execution_count\": 0, \"metadata\": {}, \"outputs\": [ { \"data\": { \"text/html\": [ \"\u003cselect\u003e\u003ciframe\u003e\u003c/select\u003e\u003cimg src=x: onerror=alert(\u0027xss\u0027)\u003e\\n\"], \"text/plain\": [] }, \"metadata\": {}, \"output_type\": \"display_data\" } ], \"source\": [ \"\" ] }\n````",
  "id": "GHSA-hwvq-6gjx-j797",
  "modified": "2024-10-01T21:17:37Z",
  "published": "2021-08-23T19:40:38Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jupyter/notebook/security/advisories/GHSA-hwvq-6gjx-j797"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32798"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jupyter/notebook/commit/79fc76e890a8ec42f73a3d009e44ef84c14ef0d5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jupyter/notebook"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/notebook/PYSEC-2021-118.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Special Element Injection in notebook"
}

GHSA-J7G3-QM5C-2J6R

Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2025-04-20 03:34
VLAI
Details

Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-9471"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-75"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-28T02:59:00Z",
    "severity": "LOW"
  },
  "details": "Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren\u0027t properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver.",
  "id": "GHSA-j7g3-qm5c-2j6r",
  "modified": "2025-04-20T03:34:57Z",
  "published": "2022-05-13T01:38:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9471"
    },
    {
      "type": "WEB",
      "url": "https://github.com/revive-adserver/revive-adserver/commit/05b1eceb"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/128181"
    },
    {
      "type": "WEB",
      "url": "https://www.revive-adserver.com/security/revive-sa-2016-002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JV22-34XC-W9X6

Vulnerability from github – Published: 2026-04-14 09:30 – Updated: 2026-04-16 15:31
VLAI
Details

Header injection vulnerability in Apache APISIX.

The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0.

Users are recommended to upgrade to version 3.16.0, which fixes the issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31908"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-75"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-14T09:16:35Z",
    "severity": "CRITICAL"
  },
  "details": "Header injection vulnerability in Apache APISIX.\n\nThe attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers.\nThis issue affects Apache APISIX: from 2.12.0 through 3.15.0.\n\nUsers are recommended to upgrade to version 3.16.0, which fixes the issue.",
  "id": "GHSA-jv22-34xc-w9x6",
  "modified": "2026-04-16T15:31:29Z",
  "published": "2026-04-14T09:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31908"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/sob643s5lztov7x579j8o0c444t36n6b"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/14/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Requirements

Programming languages and supporting technologies might be chosen which are not subject to these issues.

Mitigation
Implementation

Utilize an appropriate mix of allowlist and denylist parsing to filter special element syntax from all input.

CAPEC-81: Web Server Logs Tampering

Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.

CAPEC-93: Log Injection-Tampering-Forging

This attack targets the log files of the target host. The attacker injects, manipulates or forges malicious log entries in the log file, allowing them to mislead a log audit, cover traces of attack, or perform other malicious actions. The target host is not properly controlling log access. As a result tainted data is resulting in the log files leading to a failure in accountability, non-repudiation and incident forensics capability.