diff --git a/maven/org.apache.geode/geode-core/CVE-2021-34797.yml b/maven/org.apache.geode/geode-core/CVE-2021-34797.yml
new file mode 100644
index 0000000000000000000000000000000000000000..4992912038798749044e75e07201f29a4193a56b
--- /dev/null
+++ b/maven/org.apache.geode/geode-core/CVE-2021-34797.yml
@@ -0,0 +1,29 @@
+---
+identifier: "CVE-2021-34797"
+identifiers:
+- "CVE-2021-34797"
+package_slug: "maven/org.apache.geode/geode-core"
+title: "Insertion of Sensitive Information into Log File"
+description: "Apache Geode is vulnerable to log file redaction of sensitive information flaw
+ when using values that begin with characters other than letters or numbers for passwords."
+date: "2022-01-12"
+pubdate: "2022-01-04"
+affected_range: "(,1.12.4],[1.13.0,1.13.4]"
+fixed_versions:
+- "1.12.5"
+- "1.13.5"
+affected_versions: "All versions up to 1.12.4, all versions starting from 1.13.0 up
+ to 1.13.4"
+not_impacted: "All versions after 1.12.4 before 1.13.0, all versions after 1.13.4"
+solution: "Upgrade to versions 1.12.5, 1.13.5 or above."
+urls:
+- "https://nvd.nist.gov/vuln/detail/CVE-2021-34797"
+- "https://lists.apache.org/thread/p4l0g49rzzzpn8yt9q9p0xp52h3zmsmk"
+- "https://lists.apache.org/thread/nq2w9gjzm1cjx1rh6zw41ty39qw7qpx4"
+cvss_v2: "AV:N/AC:L/Au:N/C:P/I:N/A:N"
+cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+uuid: "45d17427-bba7-413b-b646-76f3cba48e13"
+cwe_ids:
+- "CWE-1035"
+- "CWE-532"
+- "CWE-937"
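Review bot: The `solution` field only tells the reader to upgrade, but for a CWE-532 entry the passwords that affected versions already wrote to log files presumably remain there after the upgrade. Consider extending it to `solution: "Upgrade to versions 1.12.5, 1.13.5 or above, then rotate any passwords that may have been logged and restrict access to existing log files."`. The `description` also reads as though redaction itself were the flaw. Wording such as "fails to redact sensitive information in log files when passwords begin with characters other than letters or numbers" would state the failure directly and match the `title`.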