Common Weakness Enumeration

CWE-532

Allowed

Insertion of Sensitive Information into Log File

Abstraction: Base · Status: Incomplete

The product writes sensitive information to a log file.

1744 vulnerabilities reference this CWE, most recent first.

GHSA-X3VM-88HF-GPXP

Vulnerability from github – Published: 2025-07-15 15:18 – Updated: 2025-07-15 15:18
VLAI
Summary
Directus is vulnerable to sensitive data exposure as user data is not being redacted when logged
Details

Summary

When using Directus Flows to handle CRUD events for users it is possible to log the incoming data to console using the "Log to Console" operation and a template string.

Impact

Malicious admins can log sensitive data from other users when they are created or updated.

Workarounds

Avoid logging sensitive data to the console outside the context of development.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "directus"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "11.9.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-53885"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-15T15:18:06Z",
    "nvd_published_at": "2025-07-15T00:15:23Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nWhen using Directus Flows to handle CRUD events for users it is possible to log the incoming data to console using the \"Log to Console\" operation and a template string. \n\n### Impact\n\nMalicious admins can log sensitive data from other users when they are created or updated.\n\n### Workarounds\nAvoid logging sensitive data to the console outside the context of development.",
  "id": "GHSA-x3vm-88hf-gpxp",
  "modified": "2025-07-15T15:18:06Z",
  "published": "2025-07-15T15:18:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/directus/directus/security/advisories/GHSA-x3vm-88hf-gpxp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53885"
    },
    {
      "type": "WEB",
      "url": "https://github.com/directus/directus/pull/25355"
    },
    {
      "type": "WEB",
      "url": "https://github.com/directus/directus/commit/859f664f56fb50401c407b095889cea38ff580e5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/directus/directus"
    },
    {
      "type": "WEB",
      "url": "https://github.com/directus/directus/releases/tag/v11.9.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Directus is vulnerable to sensitive data exposure as user data is not being redacted when logged"
}

GHSA-X4M4-345F-5H5G

Vulnerability from github – Published: 2026-04-09 21:31 – Updated: 2026-06-18 23:09
VLAI
Summary
Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File
Details

Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116.

Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-tribes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.13"
            },
            {
              "fixed": "9.0.117"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-tribes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.1.0-M1"
            },
            {
              "fixed": "10.1.54"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-tribes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0-M1"
            },
            {
              "fixed": "11.0.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.13"
            },
            {
              "fixed": "9.0.117"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.1.0-M1"
            },
            {
              "fixed": "10.1.54"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0-M1"
            },
            {
              "fixed": "11.0.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-34487"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-10T21:38:41Z",
    "nvd_published_at": "2026-04-09T20:16:25Z",
    "severity": "HIGH"
  },
  "details": "Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.",
  "id": "GHSA-x4m4-345f-5h5g",
  "modified": "2026-06-18T23:09:48Z",
  "published": "2026-04-09T21:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34487"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/301bc6efbf72feb14dacfdfa3f50372182736150"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/5eff2a773b8b728083e5195b3183df1b9e12a03d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/f593292a082e5ef9336a8db2b4b522f7f3e36976"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/tomcat"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h"
    },
    {
      "type": "WEB",
      "url": "https://tomcat.apache.org/security-10.html"
    },
    {
      "type": "WEB",
      "url": "https://tomcat.apache.org/security-11.html"
    },
    {
      "type": "WEB",
      "url": "https://tomcat.apache.org/security-9.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/09/28"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File"
}

GHSA-X4MC-CQQX-F746

Vulnerability from github – Published: 2023-12-14 09:30 – Updated: 2024-09-18 09:30
VLAI
Details

In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1904"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-14T08:15:36Z",
    "severity": "MODERATE"
  },
  "details": "In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.\n\n",
  "id": "GHSA-x4mc-cqqx-f746",
  "modified": "2024-09-18T09:30:34Z",
  "published": "2023-12-14T09:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1904"
    },
    {
      "type": "WEB",
      "url": "https://advisories.octopus.com/post/2023/sa2023-12"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X4R3-2P23-JWM4

Vulnerability from github – Published: 2026-03-26 00:30 – Updated: 2026-03-26 00:30
VLAI
Details

IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5,1.2, 5.1.3, 5.2.0, 5.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-36187"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T22:16:19Z",
    "severity": "MODERATE"
  },
  "details": "IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5,1.2, 5.1.3, 5.2.0, 5.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.",
  "id": "GHSA-x4r3-2p23-jwm4",
  "modified": "2026-03-26T00:30:55Z",
  "published": "2026-03-26T00:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36187"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7267542"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X58V-XFQH-24P6

Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12
VLAI
Details

An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22929"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-31T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log.",
  "id": "GHSA-x58v-xfqh-24p6",
  "modified": "2022-05-24T19:12:35Z",
  "published": "2022-05-24T19:12:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22929"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1249056"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-X58X-95FF-FVVP

Vulnerability from github – Published: 2022-05-24 22:33 – Updated: 2022-05-24 22:33
VLAI
Details

An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the ‘/var/log/demisto/’ server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3034"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-10T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the \u2018/var/log/demisto/\u2019 server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144.",
  "id": "GHSA-x58x-95ff-fvvp",
  "modified": "2022-05-24T22:33:53Z",
  "published": "2022-05-24T22:33:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3034"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2021-3034"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-X6PQ-9VMV-RCJM

Vulnerability from github – Published: 2022-05-14 01:36 – Updated: 2022-05-14 01:36
VLAI
Details

An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on macOS. A mistake in error logging resulted in instances where sensitive data passed from Safari to 1Password could be logged locally on the user's machine. This data could include usernames and passwords that a user manually entered into Safari.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-19863"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-22T15:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on macOS. A mistake in error logging resulted in instances where sensitive data passed from Safari to 1Password could be logged locally on the user\u0027s machine. This data could include usernames and passwords that a user manually entered into Safari.",
  "id": "GHSA-x6pq-9vmv-rcjm",
  "modified": "2022-05-14T01:36:39Z",
  "published": "2022-05-14T01:36:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19863"
    },
    {
      "type": "WEB",
      "url": "https://app-updates.agilebits.com/product_history/OPM7#v70203009"
    },
    {
      "type": "WEB",
      "url": "https://discussions.agilebits.com/discussion/99429/the-security-content-of=-betas-7-2-3-beta-3-and-7-2-3-beta-4/p1?new=3D1"
    },
    {
      "type": "WEB",
      "url": "https://support.1password.com/kb/201812"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X75C-F5W5-HW79

Vulnerability from github – Published: 2025-03-06 12:30 – Updated: 2025-03-06 12:30
VLAI
Details

A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data—potentially including sensitive details—was written to log files in clear text whenever an HTTP GET request was made through a proxy. An attacker with read access to these logs could obtain the proxy information and leverage it for further attacks or unauthorized access. Starting with version 4.39.0, Docker Desktop no longer logs the proxy string, thereby mitigating this risk.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1696"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-06T12:15:36Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data\u2014potentially including sensitive details\u2014was written to log files in clear text whenever an HTTP GET request was made through a proxy. An attacker with read access to these logs could obtain the proxy information and leverage it for further attacks or unauthorized access. Starting with version 4.39.0, Docker Desktop no longer logs the proxy string, thereby mitigating this risk.",
  "id": "GHSA-x75c-f5w5-hw79",
  "modified": "2025-03-06T12:30:44Z",
  "published": "2025-03-06T12:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1696"
    },
    {
      "type": "WEB",
      "url": "https://docs.docker.com/desktop/settings-and-maintenance/settings/#proxies"
    },
    {
      "type": "WEB",
      "url": "https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#check-the-logs"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-X8M7-F4F6-46C2

Vulnerability from github – Published: 2024-04-10 18:30 – Updated: 2025-04-08 15:30
VLAI
Details

Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover.This issue affects User Spam Remover: from n/a through 1.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-31298"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-10T16:15:14Z",
    "severity": "MODERATE"
  },
  "details": "Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover.This issue affects User Spam Remover: from n/a through 1.0.",
  "id": "GHSA-x8m7-f4f6-46c2",
  "modified": "2025-04-08T15:30:55Z",
  "published": "2024-04-10T18:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31298"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/user-spam-remover/wordpress-user-spam-remover-plugin-1-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X8MF-JCMF-R79F

Vulnerability from github – Published: 2024-06-26 18:30 – Updated: 2024-06-26 20:00
VLAI
Summary
Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin
Details

Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases.

Bitbucket Branch Source Plugin 887.va_d359b_3d2d8d does not include the Bitbucket OAuth access token as part of the Bitbucket URL in the build log.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 886.v44cf5e4ecec5"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "887.va"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-39460"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-26T20:00:03Z",
    "nvd_published_at": "2024-06-26T17:15:27Z",
    "severity": "MODERATE"
  },
  "details": "Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases.\n\nBitbucket Branch Source Plugin 887.va_d359b_3d2d8d does not include the Bitbucket OAuth access token as part of the Bitbucket URL in the build log.\n",
  "id": "GHSA-x8mf-jcmf-r79f",
  "modified": "2024-06-26T20:00:04Z",
  "published": "2024-06-26T18:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39460"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/bitbucket-branch-source-plugin/commit/ad359b3d2d8d6c114025d81abc59b3c9acb636df"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/bitbucket-branch-source-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-3363"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/06/26/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin "
}

Mitigation
Architecture and Design Implementation

Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.

Mitigation
Distribution

Remove debug log files before deploying the application into production.

Mitigation
Operation

Protect log files against unauthorized read/write.

Mitigation
Implementation

Adjust configurations appropriately when software is transitioned from a debug state to production.

CAPEC-215: Fuzzing for application mapping

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.