VYPR
Low severity · GHSA Advisory · Published Dec 19, 2024 · Updated Apr 15, 2026

CVE-2024-12801

Description

Server-Side Request Forgery (SSRF) in SaxEventRecorder in QOS.CH logback versions 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform allows an attacker to forge requests by compromising logback configuration files in XML.

The attack involves the modification of the DOCTYPE declaration in XML configuration files.
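As an added example (not logback's own code, and not the change shipped in the patched versions), the following Java check parses a logback XML configuration with a SAX parser that refuses any DOCTYPE declaration and never loads external DTDs or entities, so a tampered file is rejected before any request is made. The class name, the sample documents and the `example.invalid` URL are constructed for illustration, and the Apache feature URIs assume the JDK's default JAXP parser.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;

public class LogbackConfigDoctypeCheck {

    // SAX parser that treats a DOCTYPE as a fatal error and never fetches external DTDs or entities.
    static SAXParser hardenedParser() throws Exception {
        SAXParserFactory spf = SAXParserFactory.newInstance();
        spf.setNamespaceAware(true);
        spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        spf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        return spf.newSAXParser();
    }

    // True if the configuration parses under the hardened settings; false if it
    // carries a DOCTYPE or is otherwise rejected by the parser.
    static boolean isAcceptable(String xml) throws Exception {
        try {
            hardenedParser().parse(
                new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)), new DefaultHandler());
            return true;
        } catch (SAXParseException e) {
            System.err.println("rejected at line " + e.getLineNumber() + ": " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Check configuration files passed on the command line, if any.
        for (String path : args) {
            System.out.println(path + ": " + isAcceptable(Files.readString(Paths.get(path))));
        }
        // Constructed samples: a plain configuration and one with a DOCTYPE added.
        String clean = "<configuration><root level=\"INFO\"/></configuration>";
        String tampered = "<!DOCTYPE configuration SYSTEM \"http://example.invalid/constructed.dtd\">\n" + clean;
        System.out.println("clean sample accepted: " + isAcceptable(clean));
        System.out.println("tampered sample accepted: " + isAcceptable(tampered));
    }
}
```

Running it against deployed `logback.xml` files flags any configuration that carries a DOCTYPE, which a standard logback configuration does not need.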

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| ch.qos.logback:logback-core (Maven) | >= 1.4.0, < 1.5.13 | 1.5.13 |
| ch.qos.logback:logback-core (Maven) | < 1.3.15 | 1.3.15 |
