455 matches found
Design/Logic Flaw
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing the execution of arbitrary code loaded from LDAP servers...
UBUNTU-CVE-2021-42550
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing the execution of arbitrary code loaded from LDAP servers...
Quality Open Software Logback Code Issue Vulnerability
Quality Open Software logback is a logging framework for Java applications from Quality Open Software of Switzerland. Quality Open Software logback in versions 1.2.7 and earlier is vulnerable to remote code execution, which stems from a failure to effectively filter user input. The vulnerability...
CVE-2021-42550 RCE from attacker with configuration edit privileges through JNDI lookup
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing the execution of arbitrary code loaded from LDAP servers...
PT-2021-6084 · Logback +6
Name of the Vulnerable Software and Affected Versions: logback versions 1.2.7 and prior Description: The issue is related to the deserialization mechanism in the logback library, which can be exploited by an attacker with the required privileges to edit configuration files. This could allow the...
CVE-2021-42550
This CVE affects Logback 1.2.7 and earlier, where an attacker with write access to configuration files can craft a malicious configuration that loads and executes arbitrary code from LDAP servers. The impact is remote code execution with the attacker’s privileges on systems using vulnerable Logba...
CVE-2021-42550
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing the execution of arbitrary code loaded from LDAP servers...
GHSA-VFQX-33QM-G869 Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource...
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource...
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource...
CVE-2019-12384
A flaw was discovered in FasterXML jackson-databind in versions prior to 2.9.9. The vulnerability would permit polymorphic deserialization of malicious objects using the logback-core gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...
CVE-2019-14379
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLAS...
aero.champ:cargojson (=1.0), ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12) +17133 more potentially affected by CVE-2017-5929 via ch.qos.logback:logback-classic (>=0.6 <=1.1.9)
ch.qos.logback:logback-classic MAVEN version =0.6, =0.1.8, =0.1.6, =0.1.4-SB1X, =0.11.0, =0.7.0, =0.6.1, =0.11.0, =0.6.1, =0.13.0 and more Source cves: CVE-2017-5929 Source advisory: OSV:GHSA-VMFG-RJJM-RJRJ...
aero.champ:cargojson (=1.0), ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12) +17352 more potentially affected by CVE-2017-5929 via ch.qos.logback:logback-core (>=0.2.5 <=1.1.9)
ch.qos.logback:logback-core MAVEN version =0.2.5, =0.1.8, =0.1.6, =0.1.4-SB1X, =0.11.0, =0.7.0, =0.6.1, =0.11.0, =0.6.1, =0.13.0 and more Source cves: CVE-2017-5929 Source advisory: OSV:GHSA-VMFG-RJJM-RJRJ...
GHSA-VMFG-RJJM-RJRJ QOS.ch Logback vulnerable to Deserialization of Untrusted Data
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. The RemoteStreamAppenderClient class in logback-classic and the SocketNode classes in logback-classic and logback-access allow data to be deserialized over a Java Socket,...
QOS.ch Logback vulnerable to Deserialization of Untrusted Data
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. The RemoteStreamAppenderClient class in logback-classic and the SocketNode classes in logback-classic and logback-access allow data to be deserialized over a Java Socket,...
Deserialization of Untrusted Data
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...
The vulnerability of the com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource component in the Jackson-databind library of the FasterXML project allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource component in the Jackson-databind library of the FasterXML project is related to the restoration of unreliable data in memory. Exploiting this vulnerability can allow an attacker to compromise the...
CVE-2020-36180
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation: The following conditions are needed for an exploit, w...
CVE-2020-36189
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource...