GHSA-668q-qrv7-99fm

Vulnerable Component Details
Type | Namespace | Name | Version | Package URL
maven | ch.qos.logback | logback-core | 1.2.6 | pkg:maven/ch.qos.logback/logback-core@1.2.6?type=jar
Vulnerability Details
ID GHSA-668q-qrv7-99fm
Description In logback version 1.2.9 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration that allows execution of arbitrary code loaded from LDAP servers.
Recommendation Upgrade to 1.2.9 or above. || State: fixed | Fix Versions: 1.2.9
Ratings
Severity Score | Method | Vector | Source
8.5 | CVSSv2 | AV:N/AC:M/Au:S/C:C/I:C/A:C | nvd
6.6 | CVSSv3 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | ghsa
Related Vulnerabilities
Found By Anchore Grype, Aquasec Trivy, Sonatype OSS-Index, GitLab Gemnasium
References / Advisories
Weakness Enumeration