Hacker News new | past | comments | ask | show | jobs | submit login

I think it depends how you log the request. If you did

    Logger.debug(request)
Vulnerable

If you did

    Logger.debug("{}", request)
Safe?

Reminds me of early days where sending printf directives to friends in chat applications could cause a crash.

Edit: I see some other comments are indicating parameters are also vulnerable. Crazy.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: