YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated user input to log files can allow an unprivileged attacker to forge log entries or inject malicious content into the logs.
References
Link | Resource |
---|---|
https://www.yugabyte.com/ | Product |
https://www.yugabyte.com/ | Product |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:42
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-08 00:15
Updated : 2024-11-21 08:42
NVD link : CVE-2023-6002
Mitre link : CVE-2023-6002
CVE.ORG link : CVE-2023-6002
JSON object : View
Products Affected
yugabyte
- yugabytedb