CVE-2024-35371: 
Java vulnerability analysis and mitigation

Ant-Media-Server v2.8.2 is affected by Improper Output Neutralization for Logs vulnerability (CVE-2024-35371). The vulnerability was discovered and disclosed on November 29, 2024. The issue stems from insufficient input sanitization in the logging mechanism, where user-controllable data such as identifiers or other sensitive information can be included in log entries without proper filtering or validation (NVD).

The vulnerability is related to improper output neutralization for logs in the Ant-Media-Server application. The issue exists in the logging functionality where user-controlled data is not properly sanitized before being written to log files. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 HIGH with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (CISA Bulletin).

The vulnerability allows attackers to potentially include unsanitized data in log entries, which could lead to information disclosure. Since the CVSS score indicates high confidentiality impact with network accessibility, this could potentially expose sensitive information through log files (NVD).

A fix has been implemented in a commit to the Ant-Media-Server repository that addresses the logging vulnerability by improving the sanitization of user input in log entries (GitHub Commit). Users should upgrade to the patched version when available.