A serialization vulnerability in the logback receiver component, part of logback version 1.4.11, allows an attacker to mount a denial-of-service attack by sending poisoned data.

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Logback | Qos | 1.2.0 (including) | 1.2.13 (excluding) |
Logback | Qos | 1.3.0 (including) | 1.3.12 (excluding) |
Logback | Qos | 1.4.0 (including) | 1.4.12 (excluding) |
Red Hat AMQ Broker 7 | RedHat | logback | * |
Red Hat Fuse 7.13.0 | RedHat | logback | * |
Red Hat OpenShift Dev Spaces 3 Containers | RedHat | devspaces/server-rhel8:3.15-3 | * |
RHINT Camel-Springboot 4.0.3 | RedHat | logback | * |
Logback | Ubuntu | bionic | * |
Logback | Ubuntu | esm-apps/bionic | * |
Logback | Ubuntu | esm-apps/focal | * |
Logback | Ubuntu | esm-apps/jammy | * |
Logback | Ubuntu | esm-apps/xenial | * |
Logback | Ubuntu | focal | * |
Logback | Ubuntu | jammy | * |
Logback | Ubuntu | lunar | * |
Logback | Ubuntu | mantic | * |
Logback | Ubuntu | trusty | * |
Logback | Ubuntu | upstream | * |
Logback | Ubuntu | xenial | * |