CVE-2023-6481: Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data

December 4, 2023 (updated December 8, 2023)

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

References

github.com/advisories/GHSA-gm62-rw4g-vrc4
github.com/qos-ch/logback/commit/7018a3609c7bcc9dc7bf5903509901a986e5f578
github.com/qos-ch/logback/commit/c612b2fa3caf6eef3c75f1cd5859438451d0fd6f
logback.qos.ch/news.html
logback.qos.ch/news.html
nvd.nist.gov/vuln/detail/CVE-2023-6481

Detect and mitigate CVE-2023-6481 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →