rpm package
opensuse/logback&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/logback&distro=openSUSE%20Tumbleweed
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-10532 | Low | — | | < 1.5.34-1.1 | 1.5.34-1.1 | Jun 1, 2026 | Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core (HardenedObjectInputStream (logback-core) modules) allows Object Injection, albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or |
| CVE-2026-9828 | Low | — | | < 1.5.34-2.1 | 1.5.34-2.1 | May 28, 2026 | Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core (HardenedObjectInputStream (logback-core) modules) allows Object Injection, albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or |
| CVE-2026-1225 | Low | — | | < 1.2.13-2.1 | 1.2.13-2.1 | Jan 22, 2026 | ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instanti |
| CVE-2025-11226 | Med | — | | < 1.2.13-1.1 | 1.2.13-1.1 | Oct 1, 2025 | ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment varia |
| CVE-2024-12801 | Low | — | | < 1.2.11-4.1 | 1.2.11-4.1 | Dec 19, 2024 | Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attack involves the modification of DOCTYPE |
| CVE-2024-12798 | Med | — | | < 1.2.11-4.1 | 1.2.11-4.1 | Dec 19, 2024 | ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an en |
| CVE-2023-6481 | | — | | < 1.2.13-1.1 | 1.2.13-1.1 | Dec 4, 2023 | A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. |
| CVE-2023-6378 | | — | | < 1.2.13-1.1 | 1.2.13-1.1 | Nov 29, 2023 | A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. |