CVE

GHSA-gm62-rw4g-vrc4

Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data

CVE

GHSA-gm62-rw4g-vrc4

Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

Package Versions Affected

ch.qos.logback:logback-core 1.2.11

Available

Unavailable

ch.qos.logback:logback-core 1.4.13

Available

Unavailable

ch.qos.logback:logback-core 1.4.11

Available

Unavailable

ch.qos.logback:logback-core 1.2.3

Available

Unavailable

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

7.1

3.1

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

3.1

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

7.5

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Related Resources

No items found.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-6481, https://github.com/qos-ch/logback/commit/7018a3609c7bcc9dc7bf5903509901a986e5f578, https://github.com/qos-ch/logback/commit/c612b2fa3caf6eef3c75f1cd5859438451d0fd6f, https://github.com/qos-ch/logback, https://logback.qos.ch/news.html#1.3.12, https://logback.qos.ch/news.html#1.3.14

Severity

7.5

CVSS Score

Basic Information

Ecosystem

Base CVSS

7.5

EPSS Probability

0.00224%

EPSS Percentile

0.44926%

Introduced Version

1.2.0,1.3.0-alpha0,1.4.0

Fix Available

1.2.13,1.3.14,1.4.14

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

GHSA-gm62-rw4g-vrc4