
455 matches found

BDU FSTEC
added 2023/12/22 12:0 a.m. · 3 views

A vulnerability in the logback receiver component of the Logback logging library that allows an attacker to cause a denial of service.

The vulnerability in the logback receiver component of the logging library involves the deserialization of untrusted data. Exploiting this vulnerability can allow an attacker to cause a denial of service...

7.1 CVSS · 6.6 AI score · 0.009 EPSS
Exploits 0 · References 3 · Affected Software 5
RedhatCVE
added 2023/12/05 2:14 p.m. · 43 views

CVE-2023-6481

A flaw was found in the logback package. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption 'Resource Exhaustion' via the logback receiver component. This flaw allows an attacker to mount a denial-of-service attack by sending poisoned data. Mitigation Mitigation...

7.5 CVSS · 6.8 AI score · 0.00682 EPSS
Exploits 0 · References 3
RedhatCVE
added 2023/12/05 12:43 p.m. · 105 views

CVE-2023-6378

A flaw was found in the logback package, where it is vulnerable to a denial of service caused by a serialization flaw in the receiver component. By sending specially crafted poisoned data, a remote attacker can cause a denial of service condition. Mitigation Mitigation for this issue is either no...

7.5 CVSS · 6.8 AI score · 0.009 EPSS
Exploits 0 · References 3
vulnersOsv
added 2023/12/04 9:30 a.m. · 3 views

ai.apiverse:apipulse (=1.0.1), ai.timefold.solver:timefold-solver-distribution-internal (=0.8.41) +6943 more potentially affected by CVE-2023-6481 via ch.qos.logback:logback-core (=1.2.12)

ch.qos.logback:logback-core MAVEN version =1.2.12 is affected by a known vulnerability. The following packages have a transitive dependency on ch.qos.logback:logback-core and may be impacted: - ai.apiverse:apipulse =1.0.1 - ai.timefold.solver:timefold-solver-distribution-internal =0.8.41 -...

7.5 CVSS · 7.2 AI score · 0.00682 EPSS
Exploits 0
vulnersOsv
added 2023/12/04 9:30 a.m. · 3 views

ch.qos.logback:logback-access (=1.3.13), ch.qos.logback:logback-classic (=1.3.13) +28 more potentially affected by CVE-2023-6481 via ch.qos.logback:logback-core (=1.3.13)

ch.qos.logback:logback-core MAVEN version =1.3.13 is affected by a known vulnerability. The following packages have a transitive dependency on ch.qos.logback:logback-core and may be impacted: - ch.qos.logback:logback-access =1.3.13 - ch.qos.logback:logback-classic =1.3.13 -...

7.5 CVSS · 7.1 AI score · 0.00682 EPSS
Exploits 0
vulnersOsv
added 2023/12/04 9:30 a.m. · 4 views

be.yildiz-games:common-logging-logback (=1.1.25), ch.qos.logback:logback-access (=1.4.13) +130 more potentially affected by CVE-2023-6481 via ch.qos.logback:logback-core (=1.4.13)

ch.qos.logback:logback-core MAVEN version =1.4.13 is affected by a known vulnerability. The following packages have a transitive dependency on ch.qos.logback:logback-core and may be impacted: - be.yildiz-games:common-logging-logback =1.1.25 - ch.qos.logback:logback-access =1.4.13 -...

7.5 CVSS · 7.1 AI score · 0.00682 EPSS
Exploits 0
Github Security Blog
added 2023/12/04 9:30 a.m. · 71 views

Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

7.5 CVSS · 6.7 AI score · 0.00682 EPSS
Exploits 0 · References 6 · Affected Software 1
OSV
added 2023/12/04 9:30 a.m. · 2 views

GHSA-GM62-RW4G-VRC4 Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

7.1 CVSS · 7.2 AI score · 0.00682 EPSS
Exploits 0 · References 6
NVD
added 2023/12/04 9:15 a.m. · 15 views

CVE-2023-6481

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

7.5 CVSS · 0.00682 EPSS
Exploits 0 · References 2
OSV
added 2023/12/04 9:15 a.m. · 5 views

CVE-2023-6481

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

7.5 CVSS · 7.3 AI score
Exploits 0 · References 2
Prion
added 2023/12/04 9:15 a.m. · 22 views

Design/Logic Flaw

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

5 CVSS · 6.8 AI score · 0.00682 EPSS
Exploits 0 · References 2 · Affected Software 1
UbuntuCve
added 2023/12/04 9:15 a.m. · 53 views

CVE-2023-6481

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

7.5 CVSS · 6.9 AI score · 0.00682 EPSS
Exploits 0 · References 4
OSV
added 2023/12/04 9:15 a.m. · 0 views

UBUNTU-CVE-2023-6481

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

7.5 CVSS · 5.8 AI score · 0.00682 EPSS
Exploits 0 · References 5
CVE
added 2023/12/04 8:35 a.m. · 435 views

CVE-2023-6481

CVE-2023-6481 concerns the logback receiver component in logback, affected in versions 1.4.13, 1.3.13, and 1.2.12. It describes a serialization vulnerability that enables a Denial-of-Service attack when poisoned data is received. The connected documents corroborate a DoS impact and reference mult...

7.5 CVSS · 7 AI score · 0.00682 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/12/04 8:35 a.m. · 27 views

CVE-2023-6481 Logback "receiver" DOS vulnerability CVE-2023-6378 incomplete fix

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

7.1 CVSS · 7.6 AI score · 0.009 EPSS
Exploits 0 · References 2
Debian CVE
added 2023/12/04 8:35 a.m. · 75 views

CVE-2023-6481

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

7.5 CVSS · 6.7 AI score · 0.00682 EPSS
Exploits 0
CNNVD
added 2023/12/04 12:0 a.m. · 4 views

Quality Open Software Logback Security Vulnerability

Quality Open Software Logback is a logging framework for Java applications from Quality Open Software, Switzerland. A security vulnerability exists in Quality Open Software Logback versions 1.4.13, 1.3.13, and 1.2.12, which originated from a vulnerability that allows an attacker to cause a denial...

7.5 CVSS · 8.5 AI score · 0.00682 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/12/04 12:0 a.m. · 3 views

PT-2023-32684 · Atlassian · Confluence +2

Name of the Vulnerable Software and Affected Versions: logback versions 1.2.12 through 1.4.13; Bitbucket Data Center and Server versions 7.21.0 through 8.16.0; Confluence Data Center and Server versions 6.0.1 through 8.7.1. Description: A serialization vulnerability in the logback receiver component...

7.5 CVSS · 6.5 AI score · 0.00682 EPSS
Exploits 0 · References 19
GitLab Advisory Database
added 2023/12/04 12:0 a.m. · 26 views

Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

7.5 CVSS · 6.7 AI score · 0.00682 EPSS
Exploits 0 · References 6 · Affected Software 1
Veracode
added 2023/11/30 5:45 a.m. · 41 views

Denial Of Service (DoS)

ch.qos.logback:logback-classic is vulnerable to Denial of Service (DoS). The vulnerability is due to a missing check on the length of an argument array during the deserialization process. This could lead to Denial of Service attacks by sending crafted data...

7.5 CVSS · 7 AI score · 0.009 EPSS
Exploits 0 · References 4 · Affected Software 2