Description
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration that allows execution of arbitrary code loaded from LDAP servers.
References
- Vendor Advisory
- Exploit, Third Party Advisory, VDB Entry
- Mailing List, Third Party Advisory
- Third Party Advisory
- Exploit, Third Party Advisory
- Exploit, Issue Tracking, Patch, Third Party Advisory
- Third Party Advisory
Vulnerable configurations
EPSS
CVSS3: 6.6 Medium
CVSS2: 8.5 High
Weaknesses
Related vulnerabilities
Security update for maven and recommended update for antlr3, minlog, sbt, xmvn