CVE-2021-42550

Published: 16 Dec 2021
Source: debian
EPSS: Low

Description

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing execution of arbitrary code loaded from LDAP servers.

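Packages

| Package | Status | Fixed version | Release | Type |
|---------|--------|---------------|---------|------|
| logback | fixed | 1:1.2.8-1 | | package |
| logback | no-dsa | | bullseye | package |
| logback | no-dsa | | buster | package |
| logback | no-dsa | | stretch | package |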

Notes

  • https://jira.qos.ch/browse/LOGBACK-1591

  • https://github.com/qos-ch/logback/commit/21d772f2bc2ed780b01b4fe108df7e29707763f1 (v_1.2.8)

EPSS

Percentile: 85%
0.02604
Low

Related vulnerabilities

CVSS3: 6.6
ubuntu
about 4 years ago

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing execution of arbitrary code loaded from LDAP servers.

CVSS3: 6.6
redhat
about 4 years ago

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing execution of arbitrary code loaded from LDAP servers.

CVSS3: 6.6
nvd
about 4 years ago

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing execution of arbitrary code loaded from LDAP servers.

suse-cvrf
almost 3 years ago

Security update for maven and recommended update for antlr3, minlog, sbt, xmvn

CVSS3: 6.6
github
about 4 years ago

Deserialization of Untrusted Data in logback
