GHSA-gm62-rw4g-vrc4
Suggest an improvement- Source
- https://github.com/advisories/GHSA-gm62-rw4g-vrc4
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-gm62-rw4g-vrc4/GHSA-gm62-rw4g-vrc4.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-gm62-rw4g-vrc4
- Aliases
- Downstream
- Related
- Published
- 2023-12-04T09:30:23Z
- Modified
- 2023-12-08T15:26:30.180357Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVSS Calculator
- Summary
- Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data
- Details
-
A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.
- Database specific
{ "nvd_published_at": "2023-12-04T09:15:37Z", "severity": "HIGH", "github_reviewed_at": "2023-12-08T15:06:33Z", "github_reviewed": true, "cwe_ids": [] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-6481
- https://github.com/qos-ch/logback/commit/7018a3609c7bcc9dc7bf5903509901a986e5f578
- https://github.com/qos-ch/logback/commit/c612b2fa3caf6eef3c75f1cd5859438451d0fd6f
- https://github.com/qos-ch/logback
- https://logback.qos.ch/news.html#1.3.12
- https://logback.qos.ch/news.html#1.3.14
Affected packages
Maven / ch.qos.logback:logback-core
Package
- Name
- ch.qos.logback:logback-core
- View open source insights on deps.dev
- Purl
- pkg:maven/ch.qos.logback/logback-core
Maven / ch.qos.logback:logback-core
Package
- Name
- ch.qos.logback:logback-core
- View open source insights on deps.dev
- Purl
- pkg:maven/ch.qos.logback/logback-core
Maven / ch.qos.logback:logback-core
Package
- Name
- ch.qos.logback:logback-core
- View open source insights on deps.dev
- Purl
- pkg:maven/ch.qos.logback/logback-core