Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/ch.qos.logback/logback-core@1.2.13

Type maven

Namespace ch.qos.logback

Name logback-core

Version 1.2.13

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.3.12

Latest_non_vulnerable_version 1.5.25

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1gwp-x43g-fua9

vulnerability_id VCID-1gwp-x43g-fua9

summary

logback serialization vulnerability
A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6378.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6378.json

reference_url

https://github.com/qos-ch/logback

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/qos-ch/logback

reference_url

https://github.com/qos-ch/logback/commit/9c782b45be4abdafb7e17481e24e7354c2acd1eb

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/qos-ch/logback/commit/9c782b45be4abdafb7e17481e24e7354c2acd1eb

reference_url

https://github.com/qos-ch/logback/commit/b8eac23a9de9e05fb6d51160b3f46acd91af9731

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/qos-ch/logback/commit/b8eac23a9de9e05fb6d51160b3f46acd91af9731

reference_url

https://github.com/qos-ch/logback/commit/bb095154be011267b64e37a1d401546e7cc2b7c3

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/qos-ch/logback/commit/bb095154be011267b64e37a1d401546e7cc2b7c3

reference_url

https://github.com/qos-ch/logback/issues/745#issuecomment-1836227158

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/qos-ch/logback/issues/745#issuecomment-1836227158

reference_url

https://logback.qos.ch/manual/receivers.html

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://logback.qos.ch/manual/receivers.html

reference_url

https://logback.qos.ch/news.html#1.2.13

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://logback.qos.ch/news.html#1.2.13

reference_url

https://logback.qos.ch/news.html#1.3.12

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://logback.qos.ch/news.html#1.3.12

reference_url

https://security.netapp.com/advisory/ntap-20241129-0012

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20241129-0012

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057423
reference_id	1057423
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057423

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2252230
reference_id	2252230
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2252230

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-6378

reference_id

CVE-2023-6378

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-6378

reference_url	https://github.com/advisories/GHSA-vmq6-5m68-f53m
reference_id	GHSA-vmq6-5m68-f53m
reference_type
scores
url	https://github.com/advisories/GHSA-vmq6-5m68-f53m

reference_url	https://access.redhat.com/errata/RHSA-2024:0793
reference_id	RHSA-2024:0793
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0793

reference_url	https://access.redhat.com/errata/RHSA-2024:4631
reference_id	RHSA-2024:4631
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4631

fixed_packages

url	pkg:maven/ch.qos.logback/logback-core@1.2.13
purl	pkg:maven/ch.qos.logback/logback-core@1.2.13
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/ch.qos.logback/logback-core@1.2.13

url	pkg:maven/ch.qos.logback/logback-core@1.3.12
purl	pkg:maven/ch.qos.logback/logback-core@1.3.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/ch.qos.logback/logback-core@1.3.12

url	pkg:maven/ch.qos.logback/logback-core@1.4.12
purl	pkg:maven/ch.qos.logback/logback-core@1.4.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/ch.qos.logback/logback-core@1.4.12

aliases CVE-2023-6378, GHSA-vmq6-5m68-f53m

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1gwp-x43g-fua9

url VCID-whst-vck1-cqbs

vulnerability_id VCID-whst-vck1-cqbs

summary

Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data
A serialization vulnerability in logback receiver component part of 
logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service 
attack by sending poisoned data.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6481.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6481.json

reference_url

https://github.com/qos-ch/logback

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/qos-ch/logback

reference_url

https://github.com/qos-ch/logback/commit/7018a3609c7bcc9dc7bf5903509901a986e5f578

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/qos-ch/logback/commit/7018a3609c7bcc9dc7bf5903509901a986e5f578

reference_url

https://github.com/qos-ch/logback/commit/c612b2fa3caf6eef3c75f1cd5859438451d0fd6f

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/qos-ch/logback/commit/c612b2fa3caf6eef3c75f1cd5859438451d0fd6f

reference_url

https://logback.qos.ch/news.html#1.3.12

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://logback.qos.ch/news.html#1.3.12

reference_url

https://logback.qos.ch/news.html#1.3.14

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://logback.qos.ch/news.html#1.3.14

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2252956
reference_id	2252956
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2252956

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-6481

reference_id

CVE-2023-6481

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-6481

reference_url	https://github.com/advisories/GHSA-gm62-rw4g-vrc4
reference_id	GHSA-gm62-rw4g-vrc4
reference_type
scores
url	https://github.com/advisories/GHSA-gm62-rw4g-vrc4

reference_url	https://access.redhat.com/errata/RHSA-2024:0793
reference_id	RHSA-2024:0793
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0793

reference_url	https://access.redhat.com/errata/RHSA-2024:0843
reference_id	RHSA-2024:0843
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0843

fixed_packages

url	pkg:maven/ch.qos.logback/logback-core@1.2.13
purl	pkg:maven/ch.qos.logback/logback-core@1.2.13
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/ch.qos.logback/logback-core@1.2.13

url	pkg:maven/ch.qos.logback/logback-core@1.3.14
purl	pkg:maven/ch.qos.logback/logback-core@1.3.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/ch.qos.logback/logback-core@1.3.14

url	pkg:maven/ch.qos.logback/logback-core@1.4.14
purl	pkg:maven/ch.qos.logback/logback-core@1.4.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/ch.qos.logback/logback-core@1.4.14

aliases CVE-2023-6481, GHSA-gm62-rw4g-vrc4

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-whst-vck1-cqbs

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ch.qos.logback/logback-core@1.2.13

Package Instance