ch.qos.logback:logback-classic@1.2.4-groovyless vulnerabilities
latest version
1.5.19
latest non vulnerable version
first published
19 years ago
latest version published
24 days ago
licenses detected
package registry
Direct Vulnerabilities
Known vulnerabilities in the ch.qos.logback:logback-classic package. This does not include vulnerabilities belonging to this package’s dependencies.
Fix vulnerabilities automatically
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
ch.qos.logback:logback-classic is a reliable, generic, fast and flexible logging library for Java. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements via the How to fix Improper Neutralization of Special Elements? Upgrade | [,1.3.15)[1.4.0,1.5.13) |
ch.qos.logback:logback-classic is a reliable, generic, fast and flexible logging library for Java. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via the Note: Successful exploitation requires the logback-receiver component being enabled and also reachable by the attacker. How to fix Uncontrolled Resource Consumption ('Resource Exhaustion')? Upgrade | [,1.2.13)[1.3.0,1.3.14)[1.4.0,1.4.14) |
ch.qos.logback:logback-classic is a reliable, generic, fast and flexible logging library for Java. Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can mount a denial-of-service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. How to fix Denial of Service (DoS)? Upgrade | [,1.2.13)[1.3.0-alpha0,1.3.12)[1.4.0,1.4.12) |