Search for packages
| purl | pkg:deb/debian/logback@1:1.2.11-3 |
| Next non-vulnerable version | 1:1.2.11-6 |
| Latest non-vulnerable version | 1:1.2.11-6 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-kfd6-e5jj-fkht
Aliases: CVE-2023-6378 GHSA-vmq6-5m68-f53m |
logback serialization vulnerability A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-6f98-j1tr-zfcm | Deserialization of Untrusted Data In logback version 1.2.9 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. |
CVE-2021-42550
GHSA-668q-qrv7-99fm |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T09:14:58.978549+00:00 | Debian Importer | Affected by | VCID-kfd6-e5jj-fkht | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T09:13:54.405601+00:00 | Debian Importer | Fixing | VCID-6f98-j1tr-zfcm | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-11T18:11:04.860742+00:00 | Debian Importer | Affected by | VCID-kfd6-e5jj-fkht | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-11T18:10:28.513251+00:00 | Debian Importer | Fixing | VCID-6f98-j1tr-zfcm | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-04T17:59:43.038243+00:00 | Debian Importer | Affected by | VCID-kfd6-e5jj-fkht | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-04T17:59:20.931445+00:00 | Debian Importer | Fixing | VCID-6f98-j1tr-zfcm | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |