Description
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform allows an attacker to forge requests by compromising logback configuration files in XML. The attack involves the modification of the DOCTYPE declaration in XML configuration files.
A Server-Side Request Forgery (SSRF) vulnerability was found in Logback. This flaw allows a local attacker to forge requests by modifying XML configuration files to ignore external DTD files specified in DOCTYPE declarations, potentially exposing confidential or restricted data.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| AMQ Clients | ch.qos.logback/logback-core | Fix deferred | ||
| A-MQ Clients 2 | ch.qos.logback/logback-core | Fix deferred | ||
| Logging Subsystem for Red Hat OpenShift | ch.qos.logback/logback-core | Fix deferred | ||
| Red Hat AMQ Broker 7 | ch.qos.logback/logback-core | Fix deferred | ||
| Red Hat build of Apache Camel for Spring Boot 4 | ch.qos.logback/logback-core | Fix deferred | ||
| Red Hat build of Apache Camel - HawtIO 4 | ch.qos.logback/logback-core | Fix deferred | ||
| Red Hat build of Debezium 2 | ch.qos.logback/logback-core | Fix deferred | ||
| Red Hat Build of Keycloak | ch.qos.logback/logback-core | Fix deferred | ||
| Red Hat build of OptaPlanner 8 | ch.qos.logback/logback-core | Fix deferred | ||
| Red Hat Data Grid 8 | ch.qos.logback/logback-core | Fix deferred | ||
Additional information
Status:
EPSS
3.3 Low
CVSS3
Related vulnerabilities
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform allows an attacker to forge requests by compromising logback configuration files in XML. The attack involves the modification of the DOCTYPE declaration in XML configuration files.
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logba ...
QOS.CH logback-core Server-Side Request Forgery vulnerability