(SECURITY) Fix format string injection vulnerability.

See also: - https://beaglesecurity.com/blog/vulnerability/format-string-vulnerability.html - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
hiddenalpha · Jun 25, 2024 · c4faff5 · c4faff5
1 parent b7a8d64
commit c4faff5
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/gateleen-routing/src/main/java/org/swisspush/gateleen/routing/StorageForwarder.java b/gateleen-routing/src/main/java/org/swisspush/gateleen/routing/StorageForwarder.java
@@ -102,7 +102,7 @@ public void handle(final RoutingContext ctx) {
                     response.setStatusCode(StatusCode.INTERNAL_SERVER_ERROR.getStatusCode());
                     response.setStatusMessage(statusMessage);
                     response.end();
-                    log.error(statusMessage, gateleenExceptionFactory.newException(result.cause()));
+                    log.error("{}", statusMessage, gateleenExceptionFactory.newException(result.cause()));
                 } else {
                     Buffer buffer = result.result().body();
                     int headerLength = buffer.getInt(0);