CVE-2023-6378
Published 2023-11-29
High 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
A serialization vulnerability in the logback receiver component, part of
logback version 1.4.11, allows an attacker to mount a denial-of-service
attack by sending poisoned data.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | bitbucket_data_center | — | — |
| debian | logback | < logback 1:1.2.11-5 (forky) | logback 1:1.2.11-5 (forky) |
| qos | logback | >= 0 < 1:1.2.11-5 | 1:1.2.11-5 |
| qos | logback | >= 0 < 1:1.2.11-5 | 1:1.2.11-5 |
| qos | logback | >= 0 < 1:1.1.3-2ubuntu0.1~esm1 | 1:1.1.3-2ubuntu0.1~esm1 |
| qos | logback | >= 0 < 1:1.2.3-2ubuntu1~18.04.1+esm1 | 1:1.2.3-2ubuntu1~18.04.1+esm1 |
| qos | logback | >= 0 < 1:1.2.3-5ubuntu0.1~esm1 | 1:1.2.3-5ubuntu0.1~esm1 |
| qos | logback | >= 0 < 1:1.2.10-1ubuntu0.1~esm1 | 1:1.2.10-1ubuntu0.1~esm1 |
| qos | logback | >= 1.2.0 < 1.2.13 | 1.2.13 |
| qos | logback | >= 1.3.0 < 1.3.12 | 1.3.12 |
| qos | logback | >= 1.4.0 < 1.4.12 | 1.4.12 |
CVSS provenance
nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv: 7.5 HIGH