Уязвимость CVE-2024-12801

Пакет	Статус	Релиз	Тип
logback	unfixed		package
logback	no-dsa	trixie	package
logback	no-dsa	bookworm	package
logback	postponed	bullseye	package

CVE-2024-12801

ubuntu

около 1 года назад

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML configuration files.

CVE-2024-12801

CVSS3: 3.3

redhat

около 1 года назад

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML configuration files.

CVE-2024-12801

nvd

около 1 года назад

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML configuration files.

GHSA-6v67-2wr5-gvf4

github

около 1 года назад

QOS.CH logback-core Server-Side Request Forgery vulnerability

SUSE-SU-2025:0072-1

suse-cvrf

около 1 года назад

Security update for logback

exploitDog

CVE-2024-12801

Описание

Пакеты

Примечания

Связанные уязвимости