Количество 5
Количество 5
CVE-2026-1225
ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially malicious Java class requires that said class is present on the user's class-path. In addition, the attacker must have write access to a configuration file. However, after successful instantiation, the instance is very likely to be discarded with no further ado.
CVE-2026-1225
ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially malicious Java class requires that said class is present on the user's class-path. In addition, the attacker must have write access to a configuration file. However, after successful instantiation, the instance is very likely to be discarded with no further ado.
CVE-2026-1225
ACE vulnerability in configuration file processing by QOS.CH logback- ...
SUSE-SU-2026:0361-1
Security update for logback
GHSA-qqpg-mvqg-649v
Logback allows an attacker to instantiate classes already present on the class path
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-1225 ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially malicious Java class requires that said class is present on the user's class-path. In addition, the attacker must have write access to a configuration file. However, after successful instantiation, the instance is very likely to be discarded with no further ado. | 0% Низкий | 18 дней назад | |
 | CVE-2026-1225 ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially malicious Java class requires that said class is present on the user's class-path. In addition, the attacker must have write access to a configuration file. However, after successful instantiation, the instance is very likely to be discarded with no further ado. | 0% Низкий | 18 дней назад | |
| CVE-2026-1225 ACE vulnerability in configuration file processing by QOS.CH logback- ... | 0% Низкий | 18 дней назад | |
 | SUSE-SU-2026:0361-1 Security update for logback | 0% Низкий | 7 дней назад | |
| GHSA-qqpg-mvqg-649v Logback allows an attacker to instantiate classes already present on the class path | 0% Низкий | 18 дней назад |
Уязвимостей на страницу