SUSE CVE-2023-6481

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

logback-1.2.13-1.1 on GA media (moderate)

logback-1.2.13-1.1 on GA media Announcement ID: openSUSE-SU-2025:15597-1 Rating: moderate Cross-References: CVE-2023-6378 CVE-2023-6481 CVE-2025-11226 CVSS scores: CVE-2025-11226 SUSE : 5.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L Affected Products: openSUSE Tumbleweed An update that solves 3...

EUVD-2024-3561

Malicious code in bioql PyPI...

EUVD-2023-27691

Malicious code in bioql PyPI...

EUVD-2024-3605

Malicious code in bioql PyPI...

EUVD-2023-3046

Malicious code in bioql PyPI...

EUVD-2023-3212

Malicious code in bioql PyPI...

OPENSUSE-SU-2025:15597-1 logback-1.2.13-1.1 on GA media

These are all security issues fixed in the logback-1.2.13-1.1 package on the GA media of openSUSE Tumbleweed...

SUSE CVE-2025-11226

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

ai.acolite:openai-agent-sdk (>=0.1.0 <=0.4.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +23288 more potentially affected by CVE-2025-11226 via ch.qos.logback:logback-core (>=1.4.0 <=1.5.18)

ch.qos.logback:logback-core MAVEN version =1.4.0, =0.1.0, =0.1.0, =0.2.0, =0.114.0, =0.103.0, =0.114.0, =0.2.0, =0.8.0, =0.9.0 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 -...

QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing

QOS.CH logback-core versions up to 1.5.18 contain an ACE vulnerability in conditional configuration file processing in Java applications. This vulnerability allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting a malicious environment...

GHSA-25QH-J22F-PWP8 QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing

QOS.CH logback-core versions up to 1.5.18 contain an ACE vulnerability in conditional configuration file processing in Java applications. This vulnerability allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting a malicious environment...

CVE-2025-11226

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

ai.acolite:openai-agent-sdk (>=0.1.0 <=0.4.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +23288 more potentially affected by CVE-2025-11226 via ch.qos.logback:logback-core (>=1.4.0 <=1.5.18)

ch.qos.logback:logback-core MAVEN version =1.4.0, =0.1.0, =0.1.0, =0.2.0, =0.114.0, =0.103.0, =0.114.0, =0.2.0, =0.8.0, =0.9.0 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 -...

External Initialization of Trusted Variables or Data Stores

Overview ch.qos.logback:logback-core is a logback-core module. Affected versions of this package are vulnerable to External Initialization of Trusted Variables or Data Stores via the conditional processing of the logback.xml configuration file when both the Janino library and Spring Framework are...

CVE-2025-11226

CVE-2025-11226: ACE vulnerability in QOS.CH logback-core up to 1.5.18 allows arbitrary code execution if an attacker can alter a logback configuration or inject a config via environment variable. Attack requires Janino and Spring Framework on the classpath and write access to a config file (or a ...

CVE-2025-11226 Conditional processing of logback.xml configuration file, in conjuction with Spring Framework and Janino

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

CVE-2025-11226 Conditional processing of logback.xml configuration file, in conjuction with Spring Framework and Janino

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

CVE-2025-11226

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

Quality Open Software Logback 安全漏洞

Quality Open Software Logback is a logging framework for Java applications from Quality Open Software, Switzerland. A security vulnerability exists in Quality Open Software Logback version 1.5.18 and earlier, which stems from improper handling of conditional configuration files and could lead to...