Alex Collignon

#20243 of 53,630
12.8 Total CVSS
Vulnerabilities · 2 (Medium: 1, High: 1)
PT-2023-20692
7.5
2023-03-20
Apache · Apache Sling Resource Merger · CVE-2023-26513
**Name of the Vulnerable Software and Affected Versions**
Apache Sling Resource Merger versions 1.2.0 through 1.4.2

**Description**
The issue is related to an Excessive Iteration vulnerability in the Apache Sling Resource Merger.

**Recommendations**
For versions 1.2.0 through 1.4.2, update to version 1.4.2 or later to resolve the issue.

PT-2022-21360
5.3
2022-06-22
Apache · Apache Sling · CVE-2022-32549
**Name of the Vulnerable Software and Affected Versions**
- Apache Sling Commons Log versions 5.4.0 and earlier
- Apache Sling API versions 2.25.0 and earlier

**Description**
The issue allows an attacker to forge logs, potentially covering their tracks by injecting fake logs and corrupting log files. This is due to a log injection vulnerability.

**Recommendations**
For Apache Sling Commons Log versions 5.4.0 and earlier, update to a version later than 5.4.0 to resolve the issue.
For Apache Sling API versions 2.25.0 and earlier, update to a version later than 2.25.0 to resolve the issue.
As a temporary workaround, consider restricting access to log files to minimize the risk of exploitation.