VYPR
High severityNVD Advisory· Published Dec 4, 2023· Updated Aug 2, 2024

Logback "receiver" DOS vulnerability CVE-2023-6378 incomplete fix

CVE-2023-6481

Description

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ch.qos.logback:logback-coreMaven
>= 1.4.13, < 1.4.141.4.14
ch.qos.logback:logback-coreMaven
>= 1.3.13, < 1.3.141.3.14
ch.qos.logback:logback-coreMaven
>= 1.2.12, < 1.2.131.2.13

Affected products

24

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.