Description
logback serialization vulnerability
A serialization vulnerability in the logback receiver component, part of logback, allows an attacker to mount a denial-of-service attack by sending poisoned data.
This is only exploitable if the logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-6378
- https://github.com/qos-ch/logback/issues/745#issuecomment-1836227158
- https://github.com/qos-ch/logback/commit/9c782b45be4abdafb7e17481e24e7354c2acd1eb
- https://github.com/qos-ch/logback/commit/b8eac23a9de9e05fb6d51160b3f46acd91af9731
- https://github.com/qos-ch/logback/commit/bb095154be011267b64e37a1d401546e7cc2b7c3
- https://logback.qos.ch/manual/receivers.html
- https://logback.qos.ch/news.html#1.2.13
- https://logback.qos.ch/news.html#1.3.12
- https://security.netapp.com/advisory/ntap-20241129-0012
Packages
- ch.qos.logback:logback-classic: affected >= 1.3.0, < 1.3.12; fixed in 1.3.12
- ch.qos.logback:logback-classic: affected >= 1.4.0, < 1.4.12; fixed in 1.4.12
- ch.qos.logback:logback-core: affected >= 1.3.0, < 1.3.12; fixed in 1.3.12
- ch.qos.logback:logback-core: affected >= 1.4.0, < 1.4.12; fixed in 1.4.12
- ch.qos.logback:logback-core: affected < 1.2.13; fixed in 1.2.13
- ch.qos.logback:logback-classic: affected < 1.2.13; fixed in 1.2.13
Related vulnerabilities
A serialization vulnerability in the logback receiver component, part of logback version 1.4.11, allows an attacker to mount a denial-of-service attack by sending poisoned data.
A serialization vulnerability in logback receiver component part of l ...
A vulnerability in the logback receiver component of the logback logging library that allows an attacker to cause a denial of service