{"schema_version": "1.6.1", "id": "CVE-2021-34797", "summary": "Apache Geode log file redaction of sensitive information vulnerability", "details": "Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix \"sysprop-\", \"javax.net.ssl\", or \"security-\". This issue is fixed by overhauling the log file redaction in Apache Geode versions 1.12.5, 1.13.5, and 1.14.0.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "Apache Geode"}, {"last_affected": "Apache Geode"}]}]}], "references": [{"type": "ADVISORY", "url": "https://lists.apache.org/thread/p4l0g49rzzzpn8yt9q9p0xp52h3zmsmk"}, {"type": "ADVISORY", "url": "https://lists.apache.org/thread/nq2w9gjzm1cjx1rh6zw41ty39qw7qpx4"}]}