Description
Log Injection (also known as Log Forging) is a vulnerability in which an attacker can forge new log entries because the application writes insufficiently sanitised input to its logs.
Remediation
All external data should be sanitised before it is written to the logs.
When a simple one-line-per-entry log format is used, newline characters (CR and LF) should be removed or escaped so that an attacker cannot create new entries.
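As an added example (not code from rif-storage-pinner), the JavaScript sanitiser below escapes newline and other control characters before an untrusted value is interpolated into a single-line log entry, shown next to the unsafe pattern it replaces; the function names and the sample username are constructed for illustration.

```javascript
// Added example, not code from the rif-storage-pinner project.
// Neutralise CR, LF and other control characters so an untrusted value
// cannot terminate the current log line and forge additional entries.

// Replace every control character (U+0000-U+001F, U+007F) with a visible
// escape sequence; the common ones get \n, \r, \t, the rest become \xNN.
function sanitizeForLog(value) {
  return String(value).replace(/[\u0000-\u001f\u007f]/g, (ch) => {
    switch (ch) {
      case '\n': return '\\n';
      case '\r': return '\\r';
      case '\t': return '\\t';
      default:
        return '\\x' + ch.charCodeAt(0).toString(16).padStart(2, '0');
    }
  });
}

// Vulnerable pattern: the external value is interpolated verbatim, so a
// value containing "\n" produces a second, attacker-controlled line.
function formatEntryUnsafe(level, user) {
  return `[${level}] login attempt for user=${user}`;
}

// Hardened pattern: every external field passes through sanitizeForLog,
// so the entry is guaranteed to stay on one line.
function formatEntrySafe(level, user) {
  return `[${level}] login attempt for user=${sanitizeForLog(user)}`;
}

// Constructed sample input: a username that carries a forged second entry.
const forged = 'alice\n[INFO] login succeeded for user=admin';

// Number of physical lines an entry occupies; a one-line format must
// always yield 1 regardless of the input.
function lineCount(entry) {
  return entry.split(/\r\n|\r|\n/).length;
}

console.log(formatEntryUnsafe('WARN', forged)); // prints two lines
console.log(formatEntrySafe('WARN', forged));   // prints one line, "\n" visible as text
```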
Affected Assets
https://github.com/rsksmart/rif-storage-pinner/releases/tag/v0.2.1
References
https://owasp.org/www-community/attacks/Log_Injection
https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html
https://thesecurityvault.com/appsec/log-forging-vulnerability-and-how-to-fix-it/