CVE-2023-6481

Summary

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

Affected Software

VendorProductVersion RangeStatus
QOS.CH Sarllogback1.4.14unaffected
QOS.CH Sarllogback1.3.14unaffected
QOS.CH Sarllogback1.2.13unaffected

Weaknesses

  • Denial-of-service using poisoned data

Workarounds

Logback versions 1.2.13 and later, 1.3.14 and later  or 1.4.14 and later

provides fixes. However, please note that these fixes are only effective when deployed under Java 9 or later.

ADP Enrichment

CVE Program Container

Additional References

References