Common Weakness Enumeration

CWE-779

Allowed

Logging of Excessive Data

Abstraction: Base · Status: Draft

The product logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack.

29 vulnerabilities reference this CWE, most recent first.

GHSA-9768-HPRV-CRJ5

Vulnerability from github – Published: 2025-07-09 18:30 – Updated: 2025-11-05 19:58
VLAI
Summary
Jenkins Credentials Binding Plugin vulnerability can expose sensitive information in logger messages
Details

Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log.

Credentials Binding Plugin 687.689.v1a_f775332fc9 rethrows exceptions that contain credentials, masking those credentials in the error messages.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:credentials-binding"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "687.689.v1a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-53650"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522",
      "CWE-779"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-09T20:28:31Z",
    "nvd_published_at": "2025-07-09T16:15:24Z",
    "severity": "MODERATE"
  },
  "details": "Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log.\n\nCredentials Binding Plugin 687.689.v1a_f775332fc9 rethrows exceptions that contain credentials, masking those credentials in the error messages.",
  "id": "GHSA-9768-hprv-crj5",
  "modified": "2025-11-05T19:58:33Z",
  "published": "2025-07-09T18:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53650"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/credentials-binding-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3499"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/07/09/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Jenkins Credentials Binding Plugin vulnerability can expose sensitive information in logger messages"
}

GHSA-F8XF-95R6-R95H

Vulnerability from github – Published: 2026-05-14 18:32 – Updated: 2026-05-14 18:32
VLAI
Details

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user.

This vulnerability exists because sensitive session information is recorded in audit logs. An attacker could exploit this vulnerability by elevating their read-only permissions in Cisco Catalyst SD-WAN Manager to those of a high-privileged user. A successful exploit could allow the attacker to perform actions as a high-privileged user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-20209"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-779"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-14T17:16:19Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user.\n\nThis vulnerability exists because sensitive session information is recorded in audit logs. An attacker could exploit this vulnerability by elevating their read-only permissions in Cisco Catalyst SD-WAN Manager to those of a high-privileged user. A successful exploit could allow the attacker to perform actions as a high-privileged user.",
  "id": "GHSA-f8xf-95r6-r95h",
  "modified": "2026-05-14T18:32:56Z",
  "published": "2026-05-14T18:32:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20209"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-mltvnps2-JxpWm7R"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FH55-R93G-J68G

Vulnerability from github – Published: 2026-01-05 23:13 – Updated: 2026-01-06 16:07
VLAI
Summary
AIOHTTP Vulnerable to Cookie Parser Warning Storm
Details

Summary

Reading multiple invalid cookies can lead to a logging storm.

Impact

If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs using a specially crafted Cookie header.


Patch: https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.13.2"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "aiohttp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.13.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-69230"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-779"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-05T23:13:46Z",
    "nvd_published_at": "2026-01-06T00:15:48Z",
    "severity": "LOW"
  },
  "details": "### Summary\nReading multiple invalid cookies can lead to a logging storm.\n\n### Impact\nIf the ``cookies`` attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs using a specially crafted Cookie header.\n\n----\n\nPatch: https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326",
  "id": "GHSA-fh55-r93g-j68g",
  "modified": "2026-01-06T16:07:02Z",
  "published": "2026-01-05T23:13:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-fh55-r93g-j68g"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69230"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/aio-libs/aiohttp"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "AIOHTTP Vulnerable to Cookie Parser Warning Storm"
}

GHSA-JR5R-6HPC-772G

Vulnerability from github – Published: 2025-07-21 21:31 – Updated: 2025-07-22 15:32
VLAI
Details

A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-51397"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-779"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-21T19:15:31Z",
    "severity": "MODERATE"
  },
  "details": "A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient\u0027 Lists.",
  "id": "GHSA-jr5r-6hpc-772g",
  "modified": "2025-07-22T15:32:42Z",
  "published": "2025-07-21T21:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-51397"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LiveHelperChat/livehelperchat/pull/2228/commits/2056503ad96e04467ec9af8d827109b9b9b46223"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Thewhiteevil/CVE-2025-51397"
    },
    {
      "type": "WEB",
      "url": "https://www.dropbox.com/scl/fi/qrbtcv8bir2i8ielguyi3/2025-05-09-13-58-50.mp4?rlkey=thcbqxuzpm37o73j0ywsu3h3u\u0026st=fhird68s\u0026dl=0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M7F8-VG5V-4M9M

Vulnerability from github – Published: 2026-05-14 18:32 – Updated: 2026-05-14 18:32
VLAI
Details

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system.

This vulnerability exists because of a failure to redact sensitive information within device configurations and templates. An attacker could exploit this vulnerability by elevating their read-only permissions to those of a high-privileged user. A successful exploit could allow the attacker to access or modify configuration settings within Cisco Catalyst SD-WAN Manager as a high-privileged user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-20210"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-779"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-14T17:16:20Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system.\n\nThis vulnerability exists because of a failure to redact sensitive information within device configurations and templates. An attacker could exploit this vulnerability by elevating their read-only permissions to those of a high-privileged user. A successful exploit could allow the attacker to access or modify configuration settings within Cisco Catalyst SD-WAN Manager as a high-privileged user.",
  "id": "GHSA-m7f8-vg5v-4m9m",
  "modified": "2026-05-14T18:32:56Z",
  "published": "2026-05-14T18:32:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20210"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-mltvnps2-JxpWm7R"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VV3X-748Q-QW26

Vulnerability from github – Published: 2023-01-26 21:30 – Updated: 2023-02-06 21:30
VLAI
Details

An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-23949"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-779",
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-26T21:18:00Z",
    "severity": "MODERATE"
  },
  "details": "An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser.",
  "id": "GHSA-vv3x-748q-qw26",
  "modified": "2023-02-06T21:30:34Z",
  "published": "2023-01-26T21:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23949"
    },
    {
      "type": "WEB",
      "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/21174"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WGPQ-P2HM-56V9

Vulnerability from github – Published: 2024-02-01 15:30 – Updated: 2024-05-23 13:55
VLAI
Summary
glance-store logs s3 access keys
Details

A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "glance-store"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "4.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-1141"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532",
      "CWE-779"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-05T22:32:25Z",
    "nvd_published_at": "2024-02-01T15:15:08Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.",
  "id": "GHSA-wgpq-p2hm-56v9",
  "modified": "2024-05-23T13:55:44Z",
  "published": "2024-02-01T15:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1141"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/glance_store/commit/d6e531af4821c8466b1e9404f12f89f6216417f2"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:2732"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-1141"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258836"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openstack/glance_store"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "glance-store logs s3 access keys"
}

GHSA-X6CM-R62J-FH2W

Vulnerability from github – Published: 2024-06-27 21:32 – Updated: 2024-07-09 18:30
VLAI
Details

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server application which allows an unauthenticated remote attacker to send a malicious request, resulting in the ability to execute system commands with root privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-36072"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-779"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-27T21:15:15Z",
    "severity": "CRITICAL"
  },
  "details": "Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server application which allows an unauthenticated remote attacker to send a malicious request, resulting in the ability to execute system commands with root privileges.",
  "id": "GHSA-x6cm-r62j-fh2w",
  "modified": "2024-07-09T18:30:42Z",
  "published": "2024-06-27T21:32:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36072"
    },
    {
      "type": "WEB",
      "url": "https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XP4F-G2CM-RHG7

Vulnerability from github – Published: 2026-04-15 19:43 – Updated: 2026-04-15 19:43
VLAI
Summary
PocketMine-MP has LogDoS by many junk properties in client data JWT in LoginPacket
Details

Impact

Attackers can fill the body of the clientData JWT in LoginPacket with lots of junk properties, causing the server to flood warning messages, as well as wasting CPU time.

This happens because the JsonMapper instance used to process the JWT body is configured to warn on unexpected properties instead of rejecting them outright. While this behaviour increases flexibility for random changes introduced by Microsoft, it also creates vulnerabilities if not handled carefully.

This vulnerability affects PocketMine-MP servers exposed to a public network where unknown actors may have access.

Patches

This issue was fixed in c1d4a813fb8c21bfd8b9affd040da864b794df71 by restricting the number of unknown properties to 10, and rejecting the packet if this limit is exceeded. This continues to tolerate random additions to the JWT between versions, while preventing the logger from being abused by clients to slow down the server.

Workarounds

Plugins can handle DataPacketReceiveEvent to capture LoginPacket, and pre-process the clientData JWT to ensure it doesn't have any unusual properties in it. This can be achieved using JsonMapper (see the original affected code below) and setting the bExceptionOnUndefinedProperty flag to true. A JsonMapper_Exception will be thrown if the JWT is problematic.

However, it's important to caveat that this approach may cause login failures if any unexpected properties appear out of the blue in future versions (which has happened in the past).

References

Affected code:

https://github.com/pmmp/PocketMine-MP/blob/5.41.1/src/network/mcpe/handler/LoginPacketHandler.php#L289-L303 https://github.com/pmmp/PocketMine-MP/blob/5.41.1/src/network/mcpe/handler/LoginPacketHandler.php#L334-L350

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "pocketmine/pocketmine-mp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.42.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-779"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-15T19:43:33Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nAttackers can fill the body of the clientData JWT in LoginPacket with lots of junk properties, causing the server to flood warning messages, as well as wasting CPU time.\n\nThis happens because the JsonMapper instance used to process the JWT body is configured to warn on unexpected properties instead of rejecting them outright. While this behaviour increases flexibility for random changes introduced by Microsoft, it also creates vulnerabilities if not handled carefully.\n\nThis vulnerability affects PocketMine-MP servers exposed to a public network where unknown actors may have access.\n\n### Patches\n\nThis issue was fixed in c1d4a813fb8c21bfd8b9affd040da864b794df71 by restricting the number of unknown properties to 10, and rejecting the packet if this limit is exceeded. This continues to tolerate random additions to the JWT between versions, while preventing the logger from being abused by clients to slow down the server.\n\n### Workarounds\nPlugins can handle `DataPacketReceiveEvent` to capture `LoginPacket`, and pre-process the clientData JWT to ensure it doesn\u0027t have any unusual properties in it. This can be achieved using `JsonMapper` (see the original affected code below) and setting the `bExceptionOnUndefinedProperty` flag to `true`. A `JsonMapper_Exception` will be thrown if the JWT is problematic.\n\nHowever, it\u0027s important to caveat that this approach may cause login failures if any unexpected properties appear out of the blue in future versions (which has happened in the past).\n\n### References\nAffected code:\n\nhttps://github.com/pmmp/PocketMine-MP/blob/5.41.1/src/network/mcpe/handler/LoginPacketHandler.php#L289-L303\nhttps://github.com/pmmp/PocketMine-MP/blob/5.41.1/src/network/mcpe/handler/LoginPacketHandler.php#L334-L350",
  "id": "GHSA-xp4f-g2cm-rhg7",
  "modified": "2026-04-15T19:43:33Z",
  "published": "2026-04-15T19:43:33Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/pmmp/PocketMine-MP/security/advisories/GHSA-xp4f-g2cm-rhg7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pmmp/PocketMine-MP/commit/c1d4a813fb8c21bfd8b9affd040da864b794df71"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pmmp/PocketMine-MP"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pmmp/PocketMine-MP/blob/5.41.1/src/network/mcpe/handler/LoginPacketHandler.php#L289-L303"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pmmp/PocketMine-MP/blob/5.41.1/src/network/mcpe/handler/LoginPacketHandler.php#L334-L350"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "PocketMine-MP has LogDoS by many junk properties in client data JWT in LoginPacket"
}

Mitigation
Architecture and Design

Suppress large numbers of duplicate log messages and replace them with periodic summaries. For example, syslog may include an entry that states "last message repeated X times" when recording repeated events.

Mitigation
Architecture and Design

Support a maximum size for the log file that can be controlled by the administrator. If the maximum size is reached, the admin should be notified. Also, consider reducing functionality of the product. This may result in a denial-of-service to legitimate product users, but it will prevent the product from adversely impacting the entire system.

Mitigation
Implementation

Adjust configurations appropriately when the product is transitioned from a debug state to production.

No CAPEC attack patterns related to this CWE.