It was discovered that logback could read malicious configuration files from LDAP servers. An attacker with the required permissions could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-42550) It was discovered that logback contained a serialization vulnerability. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-6378)