Posted to user@geode.apache.org by Kirk Lund <kl...@apache.org> on 2022/01/03 21:32:36 UTC

CVE-2021-34797: Apache Geode project log file redaction of sensitive information vulnerability

Description:

Apache Geode versions up to 1.12.4 and 1.13.4 have a flaw in the log file redaction of sensitive information. It affects passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-" when their values begin with characters other than letters or numbers.

This issue is being tracked as GEODE-9354.

Credit:

Apache Geode would like to thank Aaron Lindsey for reporting this issue.
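
The following is an added example, not part of the original advisory and not Apache Geode code: a log audit that reports which sensitive properties appear with an unredacted value, so the affected secrets can be rotated. It assumes properties are logged as name=value, that a redacted value is a run of asterisks, and that names may carry a "gemfire." or -D prefix; the sample log lines are constructed.

```python
import re

# Property-name prefixes named in the advisory.
SENSITIVE_PREFIXES = ("sysprop-", "javax.net.ssl", "security-")
# Assumption: a redacted value is logged as a run of asterisks.
REDACTED = re.compile(r"^\*{4,}$")
# Assumption: properties are logged as name=value, optionally with a leading -D.
PROP = re.compile(r'(?:-D)?(?P<name>[A-Za-z][\w.\-]*)=(?P<value>"[^"]*"|\S+)')


def is_sensitive(name):
    """True for password properties and for the prefixes the advisory lists."""
    lowered = name.lower()
    if lowered.startswith("gemfire."):  # assumption: optional "gemfire." prefix
        lowered = lowered[len("gemfire."):]
    return "password" in lowered or lowered.startswith(SENSITIVE_PREFIXES)


def find_unredacted(log_text):
    """Return (line number, property name, advisory_case) per unredacted value.

    advisory_case is True when the value begins with a character other than
    a letter or number, the condition described in CVE-2021-34797.
    The value itself is never returned, so the report does not leak it again.
    """
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        for m in PROP.finditer(line):
            name, value = m.group("name"), m.group("value").strip('"')
            if not value or not is_sensitive(name) or REDACTED.match(value):
                continue
            findings.append((lineno, name, not value[0].isalnum()))
    return findings


# Constructed sample log lines (not taken from a real Geode log).
SAMPLE_LOG = """\
[info 2022/01/03 10:00:00.000 UTC server1] security-username=********
[info 2022/01/03 10:00:00.001 UTC server1] security-password=!Secr3t#1
[info 2022/01/03 10:00:00.002 UTC server1] javax.net.ssl.keyStorePassword=********
[info 2022/01/03 10:00:00.003 UTC server1] -Dsysprop-db.token=$abc123
[info 2022/01/03 10:00:00.004 UTC server1] log-level=config
[info 2022/01/03 10:00:00.005 UTC server1] cluster-ssl-keystore-password=hunter2
"""

if __name__ == "__main__":
    for lineno, name, advisory_case in find_unredacted(SAMPLE_LOG):
        tag = "non-alphanumeric first character" if advisory_case else "unredacted"
        print(f"line {lineno}: {name} ({tag})")
```
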