GHSA-gm62-rw4g-vrc4

Suggest an improvement
Source
https://github.com/advisories/GHSA-gm62-rw4g-vrc4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-gm62-rw4g-vrc4/GHSA-gm62-rw4g-vrc4.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-gm62-rw4g-vrc4
Aliases
  • CVE-2023-6481
Related
Published
2023-12-04T09:30:23Z
Modified
2023-12-08T15:26:30.180357Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVSS Calculator
Summary
Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data
Details

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

References

Affected packages

Maven / ch.qos.logback:logback-core

Package

Name
ch.qos.logback:logback-core
View open source insights on deps.dev
Purl
pkg:maven/ch.qos.logback/logback-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.4.13
Fixed
1.4.14

Affected versions

1.*

1.4.13

Maven / ch.qos.logback:logback-core

Package

Name
ch.qos.logback:logback-core
View open source insights on deps.dev
Purl
pkg:maven/ch.qos.logback/logback-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.3.13
Fixed
1.3.14

Affected versions

1.*

1.3.13

Maven / ch.qos.logback:logback-core

Package

Name
ch.qos.logback:logback-core
View open source insights on deps.dev
Purl
pkg:maven/ch.qos.logback/logback-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.2.12
Fixed
1.2.13

Affected versions

1.*

1.2.12