tainted-log-injection-log-formatter-flask
Detected a logger that logs user input without properly neutralizing the output. The log message could contain characters that allow an attacker to forge log entries or include malicious content in the logs. Use proper input validation and/or output encoding to prevent log entries from being forged.
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-117: Improper Output Neutralization for Logs
OWASP:
- A09:2021 - Security Logging and Monitoring Failures
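One way to apply the output encoding this rule recommends, as an added example (not code from the rule or from Flask): a `logging.Formatter` subclass that escapes non-printable characters in the rendered message so one log call always yields one line. `NeutralizingFormatter`, `render` and the constructed `FORGED` value are hypothetical names; `FORGED` stands in for a value read from a Flask request.

```python
import io
import logging

FMT = "%(levelname)s %(message)s"
# Constructed sample input: a "username" carrying an embedded line break.
FORGED = "guest\nINFO admin logged in"


def _escape(text):
    """Escape control/separator characters and backslashes, keep the rest."""
    return "".join(
        ch if ch.isprintable() and ch != "\\"
        else ch.encode("unicode_escape").decode("ascii")
        for ch in text
    )


class NeutralizingFormatter(logging.Formatter):
    """Neutralize the interpolated message; tracebacks stay multi-line."""

    def format(self, record):
        clean = logging.makeLogRecord(record.__dict__)  # do not mutate caller's record
        clean.msg = _escape(record.getMessage())        # message with args applied
        clean.args = None
        return super().format(clean)


def render(formatter, username):
    """Log one event through `formatter` and return the text that was written."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(formatter)
    log = logging.getLogger("log_injection_demo")
    log.propagate = False
    log.handlers = [handler]
    log.warning("login failed for %s", username)
    return stream.getvalue()


if __name__ == "__main__":
    print(render(logging.Formatter(FMT), FORGED), end="")      # two lines
    print(render(NeutralizingFormatter(FMT), FORGED), end="")  # one line
```

In a Flask application the formatter would be attached to the handlers used by `app.logger`, so every call site is covered without per-call sanitizing.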