Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-JAVA-CHQOSLOGBACK-1726923
- published 1 Oct 2021
- disclosed 29 Sep 2021
- credit Andrei Komarov
Introduced: 29 Sep 2021CVE NOT AVAILABLE CWE-20 Open this link in a new tab
How to fix?
ch.qos.logback:logback-core to version 1.2.7 or higher.
ch.qos.logback:logback-core is a logback-core module.
Affected versions of this package are vulnerable to Insufficient Hostname Verification.
X.509 are not properly validated. By spoofing the TLS/SSL server via a certificate that appears valid, an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data.