HIGH 7.1 Maven
logback serialization vulnerability
GHSA-vmq6-5m68-f53m · CVE-2023-6378
Published · Modified
Description
A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.
This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-6378
- WEB https://github.com/qos-ch/logback/issues/745#issuecomment-1836227158
- WEB https://github.com/qos-ch/logback/commit/9c782b45be4abdafb7e17481e24e7354c2acd1eb
- WEB https://github.com/qos-ch/logback/commit/b8eac23a9de9e05fb6d51160b3f46acd91af9731
- WEB https://github.com/qos-ch/logback/commit/bb095154be011267b64e37a1d401546e7cc2b7c3
- PACKAGE https://github.com/qos-ch/logback
- WEB https://logback.qos.ch/manual/receivers.html
- WEB https://logback.qos.ch/news.html#1.2.13
- WEB https://logback.qos.ch/news.html#1.3.12
- WEB https://security.netapp.com/advisory/ntap-20241129-0012
Ready to move
Start Securing
Free, no credit card | First findings in minutes