VYPR

Maven package

ch.qos.logback/logback-classic

pkg:maven/ch.qos.logback/logback-classic

Vulnerabilities (2)

  • CVE-2023-6378Nov 29, 2023
    affected >= 1.3.0, < 1.3.12fixed 1.3.12

    A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

  • CVE-2017-5929CriMar 13, 2017
    affected < 1.2.0fixed 1.2.0

    QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.