{"id":"CVE-2021-34797","details":"Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix \"sysprop-\", \"javax.net.ssl\", or \"security-\". This issue is fixed by overhauling the log file redaction in Apache Geode versions 1.12.5, 1.13.5, and 1.14.0.","aliases":["GHSA-mw25-f5r2-hpc6"],"modified":"2026-05-08T22:27:26.686110Z","published":"2022-01-04T09:15:07.127Z","references":[{"type":"ADVISORY","url":"https://lists.apache.org/thread/nq2w9gjzm1cjx1rh6zw41ty39qw7qpx4"},{"type":"ADVISORY","url":"https://lists.apache.org/thread/p4l0g49rzzzpn8yt9q9p0xp52h3zmsmk"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/geode","events":[{"introduced":"0"},{"last_affected":"d5f3108caf9056889a14e18555b16d39d2e668aa"},{"introduced":"79de6fd5232e2e0a79faa1e5c03cb0caf9ed514d"},{"last_affected":"4984b0434dde8e065d5392f5818239e9041c72b2"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"1.12.4"},{"introduced":"1.13.0"},{"last_affected":"1.13.4"}],"cpe":"cpe:2.3:a:apache:geode:*:*:*:*:*:*:*:*"}}],"versions":["develop/highwater","rel/v1.12.0","rel/v1.12.1","rel/v1.12.2","rel/v1.12.3","rel/v1.12.4","rel/v1.13.0","rel/v1.13.1","rel/v1.13.2","rel/v1.13.3","rel/v1.13.4"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-34797.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}