CVE-2023-6481
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| QOS.CH Sarl | logback | 1.4.14 | unaffected |
| QOS.CH Sarl | logback | 1.3.14 | unaffected |
| QOS.CH Sarl | logback | 1.2.13 | unaffected |
Weaknesses
- Denial-of-service using poisoned data
Workarounds
Logback versions 1.2.13 and later, 1.3.14 and later or 1.4.14 and later
provides fixes. However, please note that these fixes are only effective when deployed under Java 9 or later.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.