CVE-2021-42550

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.

References

Affected packages

Git / github.com/qos-ch/logback

Affected ranges

Type

GIT

Repo

https://github.com/qos-ch/logback

Events

Introduced

Last affected

626c7733c188f2ad60c1348a493761f60e2d7958

Introduced

Last affected

9d4cbcc80f30a6c6915f4ee667e72d69a159bde0

Introduced

Last affected

b6dbbba5b7cb97affd9e7ada6d44efc60f859e2d

Introduced

Last affected

9b684f41c07d5ebfecfea1a2c5c6198d47c71ac2

Introduced

Last affected

1f052b53a954bdfa8d893f9906b767821b3af62f

Introduced

Last affected

e23e9c0e12dec801897fa440b2302b01dfa2abce

Introduced

Last affected

241d1e72b0ab24db502068bde5de8f6f562ef157

Introduced

Last affected

364989315c257b2388d17cc757b1bc03f66e3a30

Introduced

Last affected

cfc8247f9215f2aa14715da95b5813393b9c4ada

Introduced

Last affected

40da1f7435acd90f640b0fc0aa5d33894e472731

Introduced

Last affected

d993a7abe495f04ad3bee033ad060711d05830e4

Introduced

Fixed

791680229b8644535b7b6e9b1aa8dc5ad1e17e0c

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.2.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.0-alpha0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.0-alpha10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.0-alpha2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.0-alpha3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.0-alpha4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.0-alpha5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.0-alpha6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.0-alpha7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.0-alpha8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.0-alpha9"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "1.0.3"
        }
    ]
}

Affected versions

Other

list

release_0.*

release_0.9.19

v0.*

v0.9.18

v0.9.20

v1.*

v1.0.10

v_0.*

v_0.9.21

v_0.9.22

v_0.9.23

v_0.9.24

v_0.9.25

v_0.9.26

v_0.9.27

v_0.9.28

v_0.9.29

v_0.9.30

v_1.*

v_1.0.0

v_1.0.1

v_1.0.11

v_1.0.2

v_1.0.3

v_1.0.4

v_1.0.5

v_1.0.6

v_1.0.7

v_1.0.8

v_1.0.9

v_1.1.0

v_1.1.1

v_1.1.10

v_1.1.4

v_1.1.5

v_1.1.6

v_1.1.7

v_1.1.8

v_1.2.0

v_1.2.1

v_1.2.2

v_1.2.3

v_1.2.4

v_1.2.5

v_1.2.6

v_1.2.7

v_1.3.0-alpha0

v_1.3.0-alpha10

v_1.3.0-alpha2

v_1.3.0-alpha3

v_1.3.0-alpha4

v_1.3.0-alpha5

v_1.3.0-alpha6

v_1.3.0-alpha7

v_1.3.0-alpha8

v_1.3.0-alpha9

v_1.8.0-alpha1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-42550.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.3.0-alpha1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.0"
            }
        ]
    }
]