{"id":"CVE-2021-22096","details":"In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.","aliases":["GHSA-rfmp-97jj-h8m6"],"modified":"2026-03-14T10:44:23.028174Z","published":"2021-10-28T16:15:07.733Z","references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20211125-0005/"},{"type":"ADVISORY","url":"https://tanzu.vmware.com/security/cve-2021-22096"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/spring-projects/spring-framework","events":[{"introduced":"927b8c15ef20eaaa4002d4b2170cc536a6d6aa35"},{"last_affected":"e45e77fd47e38d008fff7151f47a49f0c4a38d3b"},{"introduced":"5acffaa72da10ba42fe547eeea44d8615cbf99b9"},{"last_affected":"21c3b51e1fcf0a20f9880d280a71cbace4905e41"}],"database_specific":{"versions":[{"introduced":"5.2.0"},{"last_affected":"5.2.17"},{"introduced":"5.3.0"},{"last_affected":"5.3.10"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22096.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.15.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}