Seam logging evaluates expression language (EL) statements in log messages. If an application includes user-provided strings in log messages directly via string concatenation, then a remote attacker could inject EL statements directly into the log messages, which would be evaluated on the server. If debug logging is enabled, Zanata performs logging of user-supplied strings using string concatenation. A remote attacker could use this flaw to execute arbitrary code in the context of the application server running Zanata.
This issue was discovered by David Jorm of the Red Hat Security Response Team. The reporter acknowledges Adrian Hayes of Security-Assessment.com as the original reporter of this category of flaw.
Upstream patch commit:
Not Vulnerable. Zanata is not shipped in any supported Red Hat products.