CVE-2023-6378: logback serialization vulnerability
A serialization vulnerability in the logback receiver component, which is part of logback, allows an attacker to mount a denial-of-service attack by sending poisoned data.
This is only exploitable if the logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html
References
- github.com/advisories/GHSA-vmq6-5m68-f53m
- github.com/qos-ch/logback
- github.com/qos-ch/logback/commit/9c782b45be4abdafb7e17481e24e7354c2acd1eb
- github.com/qos-ch/logback/commit/b8eac23a9de9e05fb6d51160b3f46acd91af9731
- github.com/qos-ch/logback/commit/bb095154be011267b64e37a1d401546e7cc2b7c3
- github.com/qos-ch/logback/issues/745
- logback.qos.ch/manual/receivers.html
- logback.qos.ch/news.html
- nvd.nist.gov/vuln/detail/CVE-2023-6378
- security.netapp.com/advisory/ntap-20241129-0012
Detect and mitigate CVE-2023-6378 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →