CVEs-PoC/2021/CVE-2021-22096.md
2025-09-29 21:09:30 +02:00

### [CVE-2021-22096](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22096)
![](https://img.shields.io/static/v1?label=Product&message=Spring%20Framework&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Spring%20Framework%20versions%205.3.x%20prior%20to%205.3.12%2B%2C%205.2.x%20prior%20to%20%205.2.18%2B%20and%20all%20older%20unsupported%20versions%20are%20impacted.%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-117%3A%20Improper%20Output%20Neutralization%20for%20Logs&color=brightgreen)
### Description
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
### POC
#### Reference
- https://www.oracle.com/security-alerts/cpuapr2022.html
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/auth0/auth0-spring-security-api
- https://github.com/hinat0y/Dataset1
- https://github.com/hinat0y/Dataset10
- https://github.com/hinat0y/Dataset11
- https://github.com/hinat0y/Dataset12
- https://github.com/hinat0y/Dataset2
- https://github.com/hinat0y/Dataset3
- https://github.com/hinat0y/Dataset4
- https://github.com/hinat0y/Dataset5
- https://github.com/hinat0y/Dataset6
- https://github.com/hinat0y/Dataset7
- https://github.com/hinat0y/Dataset8
- https://github.com/hinat0y/Dataset9
- https://github.com/iabudiab/dependency-track-maven-plugin
- https://github.com/muneebaashiq/MBProjects
- https://github.com/scordero1234/java_sec_demo-main