New: Corgea AI Pentesting — autonomous penetration testing in hours, not weeks
UNKNOWN Maven

QOS.CH logback-core Server-Side Request Forgery vulnerability

GHSA-6v67-2wr5-gvf4 · CVE-2024-12801

Published · Modified

Description

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML.

The attacks involves the modification of DOCTYPE declaration in  XML configuration files.

Ready to move

Start Securing

Free, no credit card | First findings in minutes