Maven package
ch.qos.logback/logback-classic
pkg:maven/ch.qos.logback/logback-classic
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-6378 | — | >= 1.3.0, < 1.3.12 | 1.3.12 | Nov 29, 2023 | A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. | ||
| CVE-2017-5929 | Cri | 9.8 | < 1.2.0 | 1.2.0 | Mar 13, 2017 | QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. |
- CVE-2023-6378Nov 29, 2023affected >= 1.3.0, < 1.3.12fixed 1.3.12
A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.
- affected < 1.2.0fixed 1.2.0
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.