In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. References: https://tanzu.vmware.com/security/cve-2021-22096
Created springframework tracking bugs for this issue: Affects: fedora-all [bug 2034585]
This issue has been addressed in the following products: RHPAM 7.12.1 Via RHSA-2022:1108 https://access.redhat.com/errata/RHSA-2022:1108
This issue has been addressed in the following products: RHDM 7.12.1 Via RHSA-2022:1110 https://access.redhat.com/errata/RHSA-2022:1110
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-22096
This issue has been addressed in the following products: Red Hat Fuse 7.11 Via RHSA-2022:5532 https://access.redhat.com/errata/RHSA-2022:5532
This issue has been addressed in the following products: Red Hat Virtualization Engine 4.4 Via RHSA-2022:6393 https://access.redhat.com/errata/RHSA-2022:6393