1.5.37
19 years ago
9 days ago
Known vulnerabilities in the ch.qos.logback:logback-core package. This does not include vulnerabilities belonging to this package’s dependencies.
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
ch.qos.logback:logback-core is a logback-core module. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in How to fix Deserialization of Untrusted Data? Upgrade | [,1.5.33) |
ch.qos.logback:logback-core is a logback-core module. Affected versions of this package are vulnerable to Expression Injection in the Janino-evaluated How to fix Expression Injection? Upgrade | [0.9.20,1.5.36) |
ch.qos.logback:logback-core is a logback-core module. Affected versions of this package are vulnerable to External Initialization of Trusted Variables or Data Stores during the configuration file processing. An attacker can instantiate arbitrary classes already present on the class path by compromising an existing configuration file. How to fix External Initialization of Trusted Variables or Data Stores? Upgrade | [0.9.20,1.5.25) |
ch.qos.logback:logback-core is a logback-core module. Affected versions of this package are vulnerable to External Initialization of Trusted Variables or Data Stores via the conditional processing of the How to fix External Initialization of Trusted Variables or Data Stores? Upgrade | [,1.3.16)[1.4.0,1.5.19) |
ch.qos.logback:logback-core is a logback-core module. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements via the How to fix Improper Neutralization of Special Elements? Upgrade | [,1.3.15)[1.4.0,1.5.13) |
ch.qos.logback:logback-core is a logback-core module. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the How to fix Server-side Request Forgery (SSRF)? Upgrade | [,1.3.15)[1.4.0,1.5.13) |
ch.qos.logback:logback-core is a logback-core module. Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can mount a denial-of-service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. How to fix Denial of Service (DoS)? Upgrade | [,1.2.13)[1.3.0-alpha0,1.3.12)[1.4.0,1.4.12) |