Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/ch.qos.logback/logback-core@1.0.11

Type maven

Namespace ch.qos.logback

Name logback-core

Version 1.0.11

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.5.25

Latest_non_vulnerable_version 1.5.25

Affected_by_vulnerabilities

url VCID-2y5d-qg7z-2kdg

vulnerability_id VCID-2y5d-qg7z-2kdg

summary QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.

references

reference_url

https://access.redhat.com/errata/RHSA-2017:1675

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:1675

reference_url

https://access.redhat.com/errata/RHSA-2017:1676

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:1676

reference_url

https://access.redhat.com/errata/RHSA-2017:1832

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:1832

reference_url

https://access.redhat.com/errata/RHSA-2018:2927

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2927

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5929.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5929.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5929

reference_id

reference_type

scores

value	0.10144
scoring_system	epss
scoring_elements	0.93086
published_at	2026-04-04T12:55:00Z

value	0.10144
scoring_system	epss
scoring_elements	0.93083
published_at	2026-04-02T12:55:00Z

value	0.10144
scoring_system	epss
scoring_elements	0.93073
published_at	2026-04-01T12:55:00Z

value	0.10144
scoring_system	epss
scoring_elements	0.93102
published_at	2026-04-13T12:55:00Z

value	0.10144
scoring_system	epss
scoring_elements	0.93103
published_at	2026-04-11T12:55:00Z

value	0.10144
scoring_system	epss
scoring_elements	0.931
published_at	2026-04-12T12:55:00Z

value	0.10144
scoring_system	epss
scoring_elements	0.93085
published_at	2026-04-07T12:55:00Z

value	0.10144
scoring_system	epss
scoring_elements	0.93093
published_at	2026-04-08T12:55:00Z

value	0.10144
scoring_system	epss
scoring_elements	0.93098
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5929

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929

reference_url

https://github.com/qos-ch/logback

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/qos-ch/logback

reference_url

https://github.com/qos-ch/logback/commit/f46044b805bca91efe5fd6afe52257cd02f775f8

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/qos-ch/logback/commit/f46044b805bca91efe5fd6afe52257cd02f775f8

reference_url

https://lists.apache.org/thread.html/18d509024d9aeb07f0e9579066f80bf5d4dcf20467b0c240043890d1@%3Ccommits.cassandra.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/18d509024d9aeb07f0e9579066f80bf5d4dcf20467b0c240043890d1@%3Ccommits.cassandra.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a6db61616180d73711d6db25703085940026e2dbc40f153f9d22b203@%3Ccommits.cassandra.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a6db61616180d73711d6db25703085940026e2dbc40f153f9d22b203@%3Ccommits.cassandra.apache.org%3E

reference_url

https://lists.apache.org/thread.html/fa4eaaa6ff41ac6f79811e053c152ee89b7c5da8a6ac848ae97df67f@%3Ccommits.cassandra.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/fa4eaaa6ff41ac6f79811e053c152ee89b7c5da8a6ac848ae97df67f@%3Ccommits.cassandra.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r0bb19330e48d5ad784fa20dacba9e5538d8d60f5cd9142e0f1432b4b@%3Ccommits.cassandra.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r0bb19330e48d5ad784fa20dacba9e5538d8d60f5cd9142e0f1432b4b@%3Ccommits.cassandra.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2a08573ddee4a86dc96d469485a5843a01710ee0dc2078dfca410c79@%3Ccommits.cassandra.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2a08573ddee4a86dc96d469485a5843a01710ee0dc2078dfca410c79@%3Ccommits.cassandra.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2c2d57ca180e8173c90fe313ddf8eabbdcf8e3ae196f8b9f42599790@%3Ccommits.mnemonic.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2c2d57ca180e8173c90fe313ddf8eabbdcf8e3ae196f8b9f42599790@%3Ccommits.mnemonic.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r397bf63783240fbb5713389d3f889d287ae0c11509006700ac720037@%3Ccommits.cassandra.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r397bf63783240fbb5713389d3f889d287ae0c11509006700ac720037@%3Ccommits.cassandra.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r4673642893562c58cbee60c151ded6c077e8a2d02296e862224a9161@%3Ccommits.cassandra.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r4673642893562c58cbee60c151ded6c077e8a2d02296e862224a9161@%3Ccommits.cassandra.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r632ec30791b441e2eb5a3129532bf1b689bf181d0ef7daf50bcf0fd6@%3Ccommits.cassandra.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r632ec30791b441e2eb5a3129532bf1b689bf181d0ef7daf50bcf0fd6@%3Ccommits.cassandra.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r718f27bed898008a8e037d9cc848cfc1df4d18abcbaee0cb0c142cfb@%3Ccommits.cassandra.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r718f27bed898008a8e037d9cc848cfc1df4d18abcbaee0cb0c142cfb@%3Ccommits.cassandra.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9@%3Cdev.brooklyn.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9@%3Cdev.brooklyn.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra007cec726a3927c918ec94c4316d05d1829c49eae8dc3648adc35e2@%3Ccommits.cassandra.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra007cec726a3927c918ec94c4316d05d1829c49eae8dc3648adc35e2@%3Ccommits.cassandra.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rbb4dfca2f7e3e8f3570eec21c79832d33a51dfde6762725660b60169@%3Cdev.mnemonic.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rbb4dfca2f7e3e8f3570eec21c79832d33a51dfde6762725660b60169@%3Cdev.mnemonic.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc5f0cc2f3b153bdf15ee7389d78585829abc9c7af4d322ba1085dd3e@%3Ccommits.cassandra.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc5f0cc2f3b153bdf15ee7389d78585829abc9c7af4d322ba1085dd3e@%3Ccommits.cassandra.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd2227af3c9ada2a72dc72ed05517f5857a34d487580e1f2803922ff9@%3Ccommits.cassandra.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd2227af3c9ada2a72dc72ed05517f5857a34d487580e1f2803922ff9@%3Ccommits.cassandra.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re9b787727291786dfe088e3cd078c7d195c0b5781e15d3cd24a3b2fc@%3Cdev.mnemonic.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re9b787727291786dfe088e3cd078c7d195c0b5781e15d3cd24a3b2fc@%3Cdev.mnemonic.apache.org%3E

reference_url

https://logback.qos.ch/news.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://logback.qos.ch/news.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5929

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5929

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1432858
reference_id	1432858
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1432858

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857343
reference_id	857343
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857343

reference_url	http://www.cvedetails.com/cve/CVE-2017-5929/
reference_id	CVE-2017-5929
reference_type
scores
url	http://www.cvedetails.com/cve/CVE-2017-5929/

reference_url

https://github.com/advisories/GHSA-vmfg-rjjm-rjrj

reference_id

GHSA-vmfg-rjjm-rjrj

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vmfg-rjjm-rjrj

reference_url	https://access.redhat.com/errata/RHSA-2020:0983
reference_id	RHSA-2020:0983
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0983

fixed_packages

url pkg:maven/ch.qos.logback/logback-core@1.1.11

purl pkg:maven/ch.qos.logback/logback-core@1.1.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f98-j1tr-zfcm

vulnerability	VCID-pnxr-hj9y-yfd9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ch.qos.logback/logback-core@1.1.11

url pkg:maven/ch.qos.logback/logback-core@1.2.0

purl pkg:maven/ch.qos.logback/logback-core@1.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f98-j1tr-zfcm

vulnerability	VCID-pnxr-hj9y-yfd9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ch.qos.logback/logback-core@1.2.0

aliases CVE-2017-5929, GHSA-vmfg-rjjm-rjrj

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2y5d-qg7z-2kdg

url VCID-6f98-j1tr-zfcm

vulnerability_id VCID-6f98-j1tr-zfcm

summary

Deserialization of Untrusted Data
In logback version 1.2.9 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.

references

reference_url

http://logback.qos.ch/news.html

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://logback.qos.ch/news.html

reference_url

http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42550.json

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42550.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-42550

reference_id

reference_type

scores

value	0.02729
scoring_system	epss
scoring_elements	0.85951
published_at	2026-04-13T12:55:00Z

value	0.02729
scoring_system	epss
scoring_elements	0.85914
published_at	2026-04-07T12:55:00Z

value	0.02729
scoring_system	epss
scoring_elements	0.85885
published_at	2026-04-01T12:55:00Z

value	0.02729
scoring_system	epss
scoring_elements	0.85933
published_at	2026-04-08T12:55:00Z

value	0.02729
scoring_system	epss
scoring_elements	0.85943
published_at	2026-04-09T12:55:00Z

value	0.02729
scoring_system	epss
scoring_elements	0.85958
published_at	2026-04-11T12:55:00Z

value	0.02729
scoring_system	epss
scoring_elements	0.85956
published_at	2026-04-12T12:55:00Z

value	0.02729
scoring_system	epss
scoring_elements	0.85912
published_at	2026-04-04T12:55:00Z

value	0.02729
scoring_system	epss
scoring_elements	0.85896
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-42550

reference_url

https://cert-portal.siemens.com/productcert/pdf/ssa-371761.pdf

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/pdf/ssa-371761.pdf

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42550
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42550

reference_url

http://seclists.org/fulldisclosure/2022/Jul/11

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2022/Jul/11

reference_url

https://github.com/cn-panda/logbackRceDemo

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/cn-panda/logbackRceDemo

reference_url

https://github.com/qos-ch/logback

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/qos-ch/logback

reference_url

https://github.com/qos-ch/logback/blob/1502cba4c1dfd135b2e715bc0cf80c0045d4d128/logback-site/src/site/pages/news.html

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/qos-ch/logback/blob/1502cba4c1dfd135b2e715bc0cf80c0045d4d128/logback-site/src/site/pages/news.html

reference_url

https://github.com/qos-ch/logback/commit/87291079a1de9369ac67e20dc70a8fdc7cc4359c

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/qos-ch/logback/commit/87291079a1de9369ac67e20dc70a8fdc7cc4359c

reference_url

https://github.com/qos-ch/logback/commit/ef4fc4186b74b45ce80d86833820106ff27edd42

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/qos-ch/logback/commit/ef4fc4186b74b45ce80d86833820106ff27edd42

reference_url

https://jira.qos.ch/browse/LOGBACK-1591

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://jira.qos.ch/browse/LOGBACK-1591

reference_url

https://security.netapp.com/advisory/ntap-20211229-0001

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20211229-0001

reference_url	https://security.netapp.com/advisory/ntap-20211229-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20211229-0001/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2033560
reference_id	2033560
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2033560

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-42550

reference_id

CVE-2021-42550

reference_type

scores

value	6.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-42550

reference_url

https://github.com/advisories/GHSA-668q-qrv7-99fm

reference_id

GHSA-668q-qrv7-99fm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-668q-qrv7-99fm

reference_url	https://access.redhat.com/errata/RHSA-2022:1108
reference_id	RHSA-2022:1108
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1108

reference_url	https://access.redhat.com/errata/RHSA-2022:1110
reference_id	RHSA-2022:1110
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1110

reference_url	https://access.redhat.com/errata/RHSA-2022:5498
reference_id	RHSA-2022:5498
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5498

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

reference_url	https://usn.ubuntu.com/7616-1/
reference_id	USN-7616-1
reference_type
scores
url	https://usn.ubuntu.com/7616-1/

fixed_packages

url pkg:maven/ch.qos.logback/logback-core@1.2.8

purl pkg:maven/ch.qos.logback/logback-core@1.2.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-pnxr-hj9y-yfd9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ch.qos.logback/logback-core@1.2.8

url pkg:maven/ch.qos.logback/logback-core@1.2.9

purl pkg:maven/ch.qos.logback/logback-core@1.2.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-pnxr-hj9y-yfd9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ch.qos.logback/logback-core@1.2.9

aliases CVE-2021-42550, GHSA-668q-qrv7-99fm

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6f98-j1tr-zfcm

url VCID-pnxr-hj9y-yfd9

vulnerability_id VCID-pnxr-hj9y-yfd9

summary

Logback allows an attacker to instantiate classes already present on the class path
ACE vulnerability in configuration file processing  by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file.

The instantiation of a potentially malicious Java class requires that said class is present on the user's class-path. In addition, the attacker must  have write access to a configuration file. However, after successful instantiation, the instance is very likely to be discarded with no further ado.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1225.json

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1225.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-1225

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01679
published_at	2026-04-13T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01689
published_at	2026-04-11T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01704
published_at	2026-04-09T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01697
published_at	2026-04-08T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01694
published_at	2026-04-07T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01695
published_at	2026-04-04T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01687
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-1225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1225
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1225

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/qos-ch/logback

reference_id

reference_type

scores

value	1.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/qos-ch/logback

reference_url

https://github.com/qos-ch/logback/commit/1f97ae1844b1be8486e4e9cade98d7123d3eded5

reference_id

reference_type

scores

value	1.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/qos-ch/logback/commit/1f97ae1844b1be8486e4e9cade98d7123d3eded5

reference_url

https://github.com/qos-ch/logback/issues/997

reference_id

reference_type

scores

value	1.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/qos-ch/logback/issues/997

reference_url

https://logback.qos.ch/news.html#1.5.25

reference_id

reference_type

scores

value	1.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:N/AU:N/RE:M/U:Green

value	1.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-22T14:14:09Z/

url

https://logback.qos.ch/news.html#1.5.25

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-1225

reference_id

reference_type

scores

value	1.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-1225

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126748
reference_id	1126748
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126748

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2431998
reference_id	2431998
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2431998

reference_url

https://github.com/advisories/GHSA-qqpg-mvqg-649v

reference_id

GHSA-qqpg-mvqg-649v

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qqpg-mvqg-649v

fixed_packages

url	pkg:maven/ch.qos.logback/logback-core@1.5.25
purl	pkg:maven/ch.qos.logback/logback-core@1.5.25
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/ch.qos.logback/logback-core@1.5.25

aliases CVE-2026-1225, GHSA-qqpg-mvqg-649v

risk_score 2.2

exploitability 0.5

weighted_severity 4.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pnxr-hj9y-yfd9

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ch.qos.logback/logback-core@1.0.11

Package Instance