{"id":"CVE-2024-35371","details":"Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included in log entries without restrictions.","aliases":["GHSA-2gx6-qrpp-c4p3"],"modified":"2025-11-20T12:27:02.862879Z","published":"2024-11-29T20:15:20.143Z","references":[{"type":"WEB","url":"https://gist.github.com/1047524396/4eb17867f2e375f4824274c5e7b4d384"},{"type":"WEB","url":"https://github.com/ant-media/Ant-Media-Server/blob/ams-v2.8.2/src/main/java/io/antmedia/rest/RestServiceBase.java#L356"},{"type":"FIX","url":"https://github.com/ant-media/ant-media-server/commit/4d4763bd4fd06e515c19544e5170ca0f34c9ce45"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ant-media/ant-media-server","events":[{"introduced":"0"},{"fixed":"4d4763bd4fd06e515c19544e5170ca0f34c9ce45"}]}],"versions":["ams-v.1.0M1","ams-v.1.0RC","ams-v1.1","ams-v1.1.1","ams-v1.2.0","ams-v1.2.0-SNAPSHOT","ams-v1.2.2","ams-v1.2.3","ams-v1.2.4","ams-v1.2.5","ams-v1.2.6","ams-v1.3.0","ams-v1.3.0-SNAPSHOT","ams-v1.3.1","ams-v1.3.2","ams-v1.3.3","ams-v1.3.4","ams-v1.3.6.1","ams-v1.3.6.2","ams-v1.4.0","ams-v1.4.1","ams-v1.5.0","ams-v1.5.1","ams-v1.5.1.1","ams-v1.5.2","ams-v1.7.0","ams-v1.7.1","ams-v1.7.2","ams-v1.8.0","ams-v1.8.1","ams-v1.9.0","ams-v1.9.1","ams-v2.0.0","ams-v2.1.0","ams-v2.2.0","ams-v2.2.1","ams-v2.3.0","ams-v2.3.0-RC","ams-v2.3.1","ams-v2.3.2","ams-v2.3.3","ams-v2.3.3.1","ams-v2.4.0","ams-v2.4.0.2","ams-v2.4.1","ams-v2.4.2","ams-v2.4.2.1","ams-v2.4.3","ams-v2.5.0","ams-v2.5.1","ams-v2.5.3","ams-v2.6.0","ams-v2.6.1","ams-v2.6.2","ams-v2.6.3","ams-v2.7.0","ams-v2.8.0","ams-v2.8.1","ams-v2.8.2","red5+_1.0","release-1.6.0","release-1.6.1","release-1.6.2","untagged-e09c2795e299b44bcb86","v1.0.1_red5_plus","v1.0.2-M1","v1.0.2-RELEASE","v1.0.3-RELEASE","v1.0.4-RELEASE","v1.0.5-RELEASE","v1.0.6-RELEASE","v1.0.7-M1","v1.0.7-M10","v1.0.7-M2","v1.0.7-M3","v1.0.7-M4","v1.0.7-M5","v1.0.7-M6","v1.0.7-M7","v1.0.7-M8","v1.0.7-M9","v1.0.7-RELEASE","v1.0.7-SNAPSHOT","v1.0.8-M1","v1.0.8-M10","v1.0.8-M11","v1.0.8-M12","v1.0.8-M13","v1.0.8-M2","v1.0.8-M3","v1.0.8-M4","v1.0.8-M5","v1.0.8-M6","v1.0.8-M7","v1.0.8-M8","v1.0.8-M9","v1.0.8-RELEASE","v1.0.9-M1","v1.0.9-M2"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","digest":{"function_hash":"95761701281652367030962544191816879973","length":352},"target":{"file":"src/main/java/io/antmedia/rest/RestServiceBase.java","function":"deleteVoDs"},"source":"https://github.com/ant-media/ant-media-server/commit/4d4763bd4fd06e515c19544e5170ca0f34c9ce45","id":"CVE-2024-35371-444709bd","deprecated":false,"signature_type":"Function"},{"signature_version":"v1","digest":{"function_hash":"3588344635813814824631526258410423810","length":1176},"target":{"file":"src/main/java/io/antmedia/rest/RestServiceBase.java","function":"playNextItem"},"source":"https://github.com/ant-media/ant-media-server/commit/4d4763bd4fd06e515c19544e5170ca0f34c9ce45","id":"CVE-2024-35371-4b667e10","deprecated":false,"signature_type":"Function"},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["23753399346690249899021654914988838068","179372199406268492251904292254639271564","26031399485141338604229087849716094191","89185475063565130075353182509861000999","76326278886152943223270605200378510771","236732080366950629853323259256843045892","320194235873817073414156295407239386616","165096110433523903794032965909149369043","245738748441266680693885250355867868570","81006491848804784480976214044998821590","34758059315047979641456798275782013078","44677417436495615503035841339927883538","64383213238504413118756382504882048555","70096759998229486871409674971872702720","288859687097109942231063952056085291252","150281301989471431257362776792123893168","43404427390739069579269469228659889782","184427160938379186738405076773924436204","205812895234838758256823799464181550273"]},"target":{"file":"src/main/java/io/antmedia/rest/RestServiceBase.java"},"source":"https://github.com/ant-media/ant-media-server/commit/4d4763bd4fd06e515c19544e5170ca0f34c9ce45","id":"CVE-2024-35371-7bb8f1eb","deprecated":false,"signature_type":"Line"},{"signature_version":"v1","digest":{"function_hash":"26429641633338691115392505862661463819","length":351},"target":{"file":"src/main/java/io/antmedia/rest/RestServiceBase.java","function":"startRecord"},"source":"https://github.com/ant-media/ant-media-server/commit/4d4763bd4fd06e515c19544e5170ca0f34c9ce45","id":"CVE-2024-35371-883027c6","deprecated":false,"signature_type":"Function"},{"signature_version":"v1","digest":{"function_hash":"228798487391422378546101686830446456162","length":350},"target":{"file":"src/main/java/io/antmedia/rest/RestServiceBase.java","function":"deleteBroadcasts"},"source":"https://github.com/ant-media/ant-media-server/commit/4d4763bd4fd06e515c19544e5170ca0f34c9ce45","id":"CVE-2024-35371-cad1f757","deprecated":false,"signature_type":"Function"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35371.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}