YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated user input to log files can allow an unprivileged attacker to forge log entries or inject malicious content into the logs.
References
Link | Resource |
---|---|
https://www.yugabyte.com/ | Product |
Configurations
Configuration 1 (hide)
|
History
15 Nov 2023, 15:16
Type | Values Removed | Values Added |
---|---|---|
First Time |
Yugabyte
Yugabyte yugabytedb |
|
CPE | cpe:2.3:a:yugabyte:yugabytedb:*:*:*:*:*:*:*:* | |
References | () https://www.yugabyte.com/ - Product | |
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
09 Nov 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
Summary | YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated user input to log files can allow an unprivileged attacker to forge log entries or inject malicious content into the logs. |
08 Nov 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-08 00:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-6002
Mitre link : CVE-2023-6002
CVE.ORG link : CVE-2023-6002
JSON object : View
Products Affected
yugabyte
- yugabytedb