A log injection vulnerability arises when a log entry contains unsanitized user input. A malicious user can insert fake log data and consequently deceive system administrators as to the system's behavior [OWASP 2008]. For example, a user might split a legitimate log entry into two log entries by entering a carriage return and line feed (CRLF) sequence, resulting in two log entries, either (or both) of which might be misleading. Log injection attacks can be prevented by sanitizing and validating any untrusted input sent to a log.
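The CRLF split described above, next to a logging path that validates and then sanitizes the input, as an added example that is not part of the original text. The username policy, the log format, the function names and the sample input are assumptions constructed for illustration.

```python
import io
import logging
import re

# Assumed policy for this example: usernames are 1-32 ASCII word characters.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

# Constructed input: a CRLF followed by text shaped like a second record.
SAMPLE = "guest\r\nINFO: User login succeeded for: administrator"


def sanitize_for_log(value):
    """Escape every character that could end or disguise a log record."""
    out = []
    for ch in value:
        if ch == "\\":
            out.append("\\\\")  # keep typed backslashes distinct from escapes
        elif ch.isprintable():
            out.append(ch)
        else:
            # CR, LF, other controls, U+2028/U+2029 become visible escapes
            out.append(ch.encode("unicode_escape").decode("ascii"))
    return "".join(out)


def log_failed_login(logger, username, sanitize=True):
    """Validate first, then sanitize whatever still has to be recorded."""
    if sanitize and not USERNAME_RE.fullmatch(username):
        username = "<invalid:" + sanitize_for_log(username) + ">"
    logger.warning("User login failed for: %s", username)


def render(username, sanitize):
    """Return the records a line-oriented log reader would see."""
    stream = io.StringIO()
    logger = logging.Logger("demo")  # standalone, not in the global registry
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s: %(message)s"))
    logger.addHandler(handler)
    log_failed_login(logger, username, sanitize)
    return stream.getvalue().splitlines()


if __name__ == "__main__":
    for sanitize in (False, True):
        print("sanitized" if sanitize else "raw", render(SAMPLE, sanitize))
```

With `sanitize=False` the reader sees two records, the second one forged; with `sanitize=True` the same input stays on one line with the CR and LF shown as `\r\n`.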
...