CVEs-PoC/2021/CVE-2021-22060.md

### [CVE-2021-22060](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22060)
![](https://img.shields.io/static/v1?label=Product&message=Spring%20Framework&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Spring%20Framework%205.3.0%20-%205.3.13%2C%205.2.0%20-%205.2.18%2C%20and%20older%20unsupported%20versions%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Malicious%20input%20to%20cause%20the%20insertion%20of%20additional%20log%20entries.&color=brightgreen)

### Description

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.

### POC

#### Reference
- https://www.oracle.com/security-alerts/cpuapr2022.html

#### Github
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/auth0/auth0-spring-security-api
- https://github.com/hinat0y/Dataset1
- https://github.com/hinat0y/Dataset10
- https://github.com/hinat0y/Dataset11
- https://github.com/hinat0y/Dataset12
- https://github.com/hinat0y/Dataset2
- https://github.com/hinat0y/Dataset3
- https://github.com/hinat0y/Dataset4
- https://github.com/hinat0y/Dataset5
- https://github.com/hinat0y/Dataset6
- https://github.com/hinat0y/Dataset7
- https://github.com/hinat0y/Dataset8
- https://github.com/hinat0y/Dataset9
- https://github.com/muneebaashiq/MBProjects
- https://github.com/scordero1234/java_sec_demo-main
- https://github.com/tindoc/spring-blog