VYPR
High severityNVD Advisory· Published Nov 29, 2023· Updated Nov 29, 2024

Logback "receiver" DOS vulnerability

CVE-2023-6378

Description

A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ch.qos.logback:logback-classicMaven
>= 1.3.0, < 1.3.121.3.12
ch.qos.logback:logback-classicMaven
>= 1.4.0, < 1.4.121.4.12
ch.qos.logback:logback-coreMaven
>= 1.3.0, < 1.3.121.3.12
ch.qos.logback:logback-coreMaven
>= 1.4.0, < 1.4.121.4.12
ch.qos.logback:logback-coreMaven
< 1.2.131.2.13
ch.qos.logback:logback-classicMaven
< 1.2.131.2.13

Affected products

137

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.