18 matches found
ROOT-APP-MAVEN-CVE-2023-6378 CVE-2023-6378 in io.root.ch.qos.logback:logback-classic - Patched by Root
Root has patched CVE-2023-6378 in the io.root.ch.qos.logback:logback-classic package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2017-5929 CVE-2017-5929 in io.root.ch.qos.logback:logback-classic - Patched by Root
Root has patched CVE-2017-5929 in the io.root.ch.qos.logback:logback-classic package for Root:Maven. Multiple fixed versions available...
Security Bulletin: A security vulnerability in logback-classic-1.3.14.jar affects IBM DevOps Code ClearCase [CVE-2024-12798]
Summary A security vulnerability in logback-classic-1.3.14.jar affects IBM DevOps Code ClearCase (CVE-2024-12798) Vulnerability Details CVEID: CVE-2024-12798 DESCRIPTION: ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java...
Malicious code in logback-classic (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cfdbf897b4e05812cf41e2452ff954fd4ccd831b4ac8a6f7ecae4371674f5436 Any computer that has this package installed or running should be considered...
MAL-2025-6102 Malicious code in logback-classic (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cfdbf897b4e05812cf41e2452ff954fd4ccd831b4ac8a6f7ecae4371674f5436 Any computer that has this package installed or running should be considered...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in logback-classic
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of logback-classic Vulnerability Details CVEID: CVE-2024-12798 DESCRIPTION: ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in logback-classic [CVE-2024-12798]
Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in logback-classic, caused by a flaw in the JaninoEventEvaluator extension (CVE-2024-12798). Logback-classic is used by our Speech Microservices. This vulnerability has been addressed. Please read the details for...
Denial Of Service (DoS)
ch.qos.logback:logback-classic is vulnerable to Denial Of Service (DoS). The vulnerability is due to the readObject method in the LoggingEventVO class which fails to check the length of an argument array during deserialization. An attacker could send crafted data, resulting in Denial of Service (DoS)...
Atlassian Confluence 6.0.1 < 7.19.18 / 7.20.x < 8.5.5 / 8.6.x < 8.7.2 / 8.8.0 (CONFSERVER-94111)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-94111 advisory. - This High severity ch.qos.logback:logback-classic Dependency vulnerability was introduced in versions 6.0.1 of Confluence Data Center and Server...
Security Bulletin: IBM Asset Data Dictionary Component uses logback-classic-1.3.0-alpha16.jar which is vulnerable to CVE-2023-6378
Summary IBM Asset Data Dictionary Component uses logback-classic-1.3.0-alpha16.jar which is vulnerable to CVE-2023-6378. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID: CVE-2023-6378 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a...
ch.qos.logback:logback-access (=1.3.13), ch.qos.logback:logback-classic (=1.3.13) +28 more potentially affected by CVE-2023-6481 via ch.qos.logback:logback-core (=1.3.13)
ch.qos.logback:logback-core MAVEN version =1.3.13 is affected by a known vulnerability. The following packages have a transitive dependency on ch.qos.logback:logback-core and may be impacted: - ch.qos.logback:logback-access =1.3.13 - ch.qos.logback:logback-classic =1.3.13 -...
Denial Of Service (DoS)
ch.qos.logback:logback-classic is vulnerable to Denial Of Service (DoS). The vulnerability is due to a missing check on the length of an argument array during the deserialization process. This could lead to Denial of Service attacks by sending crafted data...
ai.timefold.solver:timefold-solver-examples (>=1.1.0 <=1.4.0), ai.timefold.solver:timefold-solver-spring-boot-starter (=1.4.0) +5857 more potentially affected by CVE-2023-6378 via ch.qos.logback:logback-classic (>=1.4.0 <=1.4.11)
ch.qos.logback:logback-classic MAVEN version =1.4.0, =1.1.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =23.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =23.9.1 and more Source cves: CVE-2023-6378 Source advisory: OSV:GHSA-VMQ6-5M68-F53M...
ai.tock:bot-test (=22.3.2), ai.tock:bot-test-base (=22.3.2) +347 more potentially affected by CVE-2023-6378 via ch.qos.logback:logback-classic (>=1.3.0 <=1.3.11)
ch.qos.logback:logback-classic MAVEN version =1.3.0, =1.3.11 is affected by a known vulnerability. The following packages have a transitive dependency on ch.qos.logback:logback-classic and may be impacted: - ai.tock:bot-test =22.3.2 - ai.tock:bot-test-base =22.3.2 - ai.tock:bot-toolkit =22.3.2 -...
aero.champ:cargojson (=1.0), africa.absa:inception-application (>=1.1.0 <=1.2.0) +35358 more potentially affected by CVE-2023-6378 via ch.qos.logback:logback-classic (>=0.6 <=1.2.12)
ch.qos.logback:logback-classic MAVEN version =0.6, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =0.0.86, =0.0.86, =0.0.86, =0.15, =0.15, =0.15, =0.23 and more Source cves: CVE-2023-6378 Source advisory: OSV:GHSA-VMQ6-5M68-F53M...
Moderate: Red Hat Security Advisory: Red Hat Process Automation Manager 7.12.1 security update
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
GHSA-VMFG-RJJM-RJRJ QOS.ch Logback vulnerable to Deserialization of Untrusted Data
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. The RemoteStreamAppenderClient class in logback-classic and the SocketNode classes in logback-classic and logback-access allow data to be deserialized over a Java Socket,...
aero.champ:cargojson (=1.0), ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12) +17133 more potentially affected by CVE-2017-5929 via ch.qos.logback:logback-classic (>=0.6 <=1.1.9)
ch.qos.logback:logback-classic MAVEN version =0.6, =0.1.8, =0.1.6, =0.1.4-SB1X, =0.11.0, =0.7.0, =0.6.1, =0.11.0, =0.6.1, =0.13.0 and more Source cves: CVE-2017-5929 Source advisory: OSV:GHSA-VMFG-RJJM-RJRJ...