| Vulnerable Component Details | | | | |
|---|---|---|---|---|
| Type | Namespace | Name | Version | Package URL |
| maven | ch.qos.logback | logback-core | 1.2.6 | pkg:maven/ch.qos.logback/logback-core@1.2.6?type=jar |

| Vulnerability Details | |
|---|---|
| ID | GHSA-668q-qrv7-99fm |
| Description | In logback version 1.2.9 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration that allows execution of arbitrary code loaded from LDAP servers. |
| Recommendation | Upgrade to 1.2.9 or above. State: fixed. Fix Versions: 1.2.9 |
| Ratings | |
| Related Vulnerabilities | |
| Found By | Anchore Grype, Aquasec Trivy, Sonatype OSS-Index, GitLab Gemnasium |
| References / Advisories | |
| Weakness Enumeration | |