CVE-2024-12798
Description
An arbitrary code execution (ACE) vulnerability in JaninoEventEvaluator in QOS.CH logback-core, versions 0.1 through 1.3.14 and 1.4.0 through 1.5.12, allows an attacker to execute arbitrary code in Java applications by compromising an existing logback configuration file or by injecting an environment variable before program execution.
Malicious logback configuration files can allow the attacker to execute arbitrary code using the JaninoEventEvaluator extension.
A successful attack requires the user to have write access to a configuration file. Alternatively, the attacker could inject a malicious environment variable pointing to a malicious configuration file. In both cases, the attack requires existing privilege.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ch.qos.logback:logback-core (Maven) | >= 1.4.0, < 1.5.13 | 1.5.13 |
| ch.qos.logback:logback-core (Maven) | < 1.3.15 | 1.3.15 |
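As an added example (not part of the advisory or of logback itself), the following Python sketch audits a deployment against this CVE: it applies the two affected ranges from the table above and lists the evaluators in a logback configuration that resolve to JaninoEventEvaluator, so their expressions can be compared with a known-good baseline. The sample configuration is constructed, the function names are hypothetical, and treating an `<evaluator>` without a `class` attribute as Janino is an assumption based on logback's documented default.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a logback.xml that filters events with a Janino expression.
SAMPLE_CONFIG = """<configuration>
  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
    <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
      <evaluator class="ch.qos.logback.classic.boolex.JaninoEventEvaluator">
        <expression>return message.contains("billing");</expression>
      </evaluator>
      <OnMatch>DENY</OnMatch>
    </filter>
  </appender>
  <root level="INFO"><appender-ref ref="STDOUT"/></root>
</configuration>"""

def parse_version(text):
    """Leading numeric triple only; qualifiers such as -alpha are ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())

def is_affected(version):
    """Ranges from the advisory table: < 1.3.15, or >= 1.4.0 and < 1.5.13."""
    v = parse_version(version)
    return v < (1, 3, 15) or (1, 4, 0) <= v < (1, 5, 13)

def local(tag):
    """Element name without XML namespace, lower-cased."""
    return tag.split("}")[-1].lower()

def janino_evaluators(config_xml):
    """Return (class, expression) for each evaluator that resolves to Janino."""
    hits = []
    for el in ET.fromstring(config_xml).iter():
        if local(el.tag) != "evaluator":
            continue
        cls = el.get("class")
        # Assumption: no class attribute means logback's default evaluator,
        # which its documentation gives as JaninoEventEvaluator.
        if cls is None or cls.endswith("JaninoEventEvaluator"):
            expr = "".join(c.text or "" for c in el if local(c.tag) == "expression")
            hits.append((cls or "(default)", expr.strip()))
    return hits

def audit(version, config_xml):
    """Combine both checks: patch status and expressions that need review."""
    return {"upgrade_needed": is_affected(version), "expressions_to_review": janino_evaluators(config_xml)}
```

An in-range version needs the upgrade whether or not the current configuration uses Janino; an evaluator that is not in the baseline configuration is the signal that the file has been altered.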
Affected products