[
https://issues.apache.org/jira/browse/GEODE-10590?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jinwoo Hwang updated GEODE-10590:
---------------------------------
Description:
Remediation of CVE-2026-34480
Affected versions of this package are vulnerable to Improper Encoding or
Escaping of Output in the XmlLayout plugin. An attacker can cause log events to
be silently lost or malformed by injecting XML 1.0 forbidden characters into
log messages or MDC values. This may result in malformed XML output, which can
cause downstream log-processing systems to drop affected records or prevent log
events from being delivered to their intended destinations.
was:
Remediation of CVE-2026-0636
LDAP Injection via the `parseDN` handling and the LDAP store helpers in
`X509LDAPCertStoreSpi` and `LDAPStoreHelper`. An attacker can influence LDAP
search filters by supplying a crafted X.500 subject or issuer string that is
parsed into an unescaped filter value. This lets the attacker alter the
directory query used to locate certificates and CRLs, causing the application
to retrieve incorrect LDAP entries or fail to find the intended ones, which can
break certificate validation and revocation checks
> Remediation of CVE-2026-34480
> -----------------------------
>
> Key: GEODE-10590
> URL: https://issues.apache.org/jira/browse/GEODE-10590
> Project: Geode
> Issue Type: Improvement
> Reporter: Jinwoo Hwang
> Assignee: Jinwoo Hwang
> Priority: Major
>
> Remediation of CVE-2026-34480
> Affected versions of this package are vulnerable to Improper Encoding or
> Escaping of Output in the XmlLayout plugin. An attacker can cause log events
> to be silently lost or malformed by injecting XML 1.0 forbidden characters
> into log messages or MDC values. This may result in malformed XML output,
> which can cause downstream log-processing systems to drop affected records or
> prevent log events from being delivered to their intended destinations.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)