Описание
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML configuration files.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | ignored | changes too intrusive |
| esm-apps/bionic | ignored | changes too intrusive |
| esm-apps/focal | ignored | changes too intrusive |
| esm-apps/jammy | ignored | changes too intrusive |
| esm-apps/noble | ignored | changes too intrusive |
| esm-apps/xenial | ignored | changes too intrusive |
| focal | ignored | end of standard support, was needs-triage |
| jammy | ignored | changes too intrusive |
| noble | ignored | changes too intrusive |
| oracular | ignored | end of life, was ignored [changes too intrusive] |
Показывать по
EPSS
Связанные уязвимости
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML configuration files.
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML configuration files.
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logba ...
QOS.CH logback-core Server-Side Request Forgery vulnerability
EPSS