In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Logback | Qos | * | 1.2.7 (including) |
Logback | Qos | 1.3.0-alpha0 (including) | 1.3.0-alpha0 (including) |
Logback | Qos | 1.3.0-alpha1 (including) | 1.3.0-alpha1 (including) |
Logback | Qos | 1.3.0-alpha10 (including) | 1.3.0-alpha10 (including) |
Logback | Qos | 1.3.0-alpha2 (including) | 1.3.0-alpha2 (including) |
Logback | Qos | 1.3.0-alpha3 (including) | 1.3.0-alpha3 (including) |
Logback | Qos | 1.3.0-alpha4 (including) | 1.3.0-alpha4 (including) |
Logback | Qos | 1.3.0-alpha5 (including) | 1.3.0-alpha5 (including) |
Logback | Qos | 1.3.0-alpha6 (including) | 1.3.0-alpha6 (including) |
Logback | Qos | 1.3.0-alpha7 (including) | 1.3.0-alpha7 (including) |
Logback | Qos | 1.3.0-alpha8 (including) | 1.3.0-alpha8 (including) |
Logback | Qos | 1.3.0-alpha9 (including) | 1.3.0-alpha9 (including) |
Red Hat Fuse 7.11 | RedHat | logback-classic | * |
Red Hat Satellite 6.11 for RHEL 7 | RedHat | candlepin-0:4.1.13-1.el7sat | * |
Red Hat Satellite 6.11 for RHEL 8 | RedHat | candlepin-0:4.1.13-1.el8sat | * |
RHDM 7.12.1 | RedHat | logback-classic | * |
RHPAM 7.12.1 | RedHat | logback-classic | * |
Logback | Ubuntu | bionic | * |
Logback | Ubuntu | esm-apps/bionic | * |
Logback | Ubuntu | esm-apps/focal | * |
Logback | Ubuntu | esm-apps/xenial | * |
Logback | Ubuntu | focal | * |
Logback | Ubuntu | hirsute | * |
Logback | Ubuntu | impish | * |
Logback | Ubuntu | kinetic | * |
Logback | Ubuntu | lunar | * |
Logback | Ubuntu | mantic | * |
Logback | Ubuntu | trusty | * |
Logback | Ubuntu | upstream | * |
Logback | Ubuntu | xenial | * |