User-supplied data such as scripts, control characters, escape sequences, or code fragments may be written to logs without proper encoding or sanitization. This can result in malformed or unexpected log entries that could disrupt or compromise systems that process or display these logs, including log viewers or downstream services.
Log Injection
CCC.Logging.TH06
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP10 | Log Publication | The service automatically publishes structured, verbose records of activities, operations, or events that occur within the service. |
| CCC.Logging.CP01 | Service Log Capture | Ability to capture logs from all relevant cloud services at varying levels of verbosity. |
| CCC.Logging.CP02 | Application Log Ingestion | Support for ingesting logs from custom applications deployed within the cloud environment. |
External Mappings
| Framework | ID | Remarks |
|---|---|---|
| OWASPTOP10 | A03:2021 | |
| OWASPTOP10 | A09:2021 | |
| CWE | CWE-79 | |
| CWE | CWE-117 | |
| CWE | CWE-116 | |
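
The following is an added example, not part of the catalogue entry: it reproduces the threat described at the top of this page with Python's standard `logging` module, writing a constructed user-supplied value first unencoded and then with control characters encoded. The names `neutralize`, `NeutralizeArgs`, `emit` and `SAMPLE` are hypothetical.

```python
import io
import logging


def neutralize(value: str) -> str:
    """Encode control characters as visible escapes so one event stays one line."""
    out = []
    for ch in value:
        cp = ord(ch)
        if ch == "\\":
            out.append("\\\\")  # double the escape char so the encoding is unambiguous
        elif cp < 0x20 or 0x7F <= cp <= 0x9F or cp in (0x2028, 0x2029):
            # C0/C1 controls (CR, LF, ESC, NEL, ...) and Unicode line separators
            out.append(f"\\u{cp:04x}")
        else:
            out.append(ch)
    return "".join(out)


class NeutralizeArgs(logging.Filter):
    """Apply neutralize() to string arguments before they are merged into the message."""

    def filter(self, record: logging.LogRecord) -> bool:
        if isinstance(record.args, dict):
            record.args = {k: neutralize(v) if isinstance(v, str) else v
                           for k, v in record.args.items()}
        elif record.args:
            record.args = tuple(neutralize(a) if isinstance(a, str) else a
                                for a in record.args)
        return True


def emit(username: str, hardened: bool) -> str:
    """Log one failed-login event and return the text the handler wrote."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger = logging.Logger("demo")  # stand-alone logger, not in the global registry
    logger.addHandler(handler)
    if hardened:
        logger.addFilter(NeutralizeArgs())
    logger.warning("login failed user=%s", username)
    return buf.getvalue()


# Constructed sample input: a "username" carrying a line break and a fake entry.
SAMPLE = "alice\nINFO login succeeded user=admin"

if __name__ == "__main__":
    print(emit(SAMPLE, hardened=False), end="")  # two lines, second one forged
    print(emit(SAMPLE, hardened=True), end="")   # one line, line break shown as \u000a
```

Encoding at write time keeps one event on one line for downstream parsers. Script fragments in a logged value still need HTML output encoding in any web-based log viewer that renders them.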