VulnerableCode Package Details - pkg:maven/ch.qos.logback/logback-core@0.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-2y5d-qg7z-2kdg Aliases: CVE-2017-5929 GHSA-vmfg-rjjm-rjrj	QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.	1.1.11 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.2.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-6f98-j1tr-zfcm Aliases: CVE-2021-42550 GHSA-668q-qrv7-99fm	Deserialization of Untrusted Data In logback version 1.2.9 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.	1.2.8 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.2.9 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-pnxr-hj9y-yfd9 Aliases: CVE-2026-1225 GHSA-qqpg-mvqg-649v	Logback allows an attacker to instantiate classes already present on the class path ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially malicious Java class requires that said class is present on the user's class-path. In addition, the attacker must have write access to a configuration file. However, after successful instantiation, the instance is very likely to be discarded with no further ado.	1.5.25 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-2y5d-qg7z-2kdg
Aliases:
CVE-2017-5929
GHSA-vmfg-rjjm-rjrj

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.

1.1.11
Affected by 2 other vulnerabilities.

1.2.0
Affected by 2 other vulnerabilities.

VCID-6f98-j1tr-zfcm
Aliases:
CVE-2021-42550
GHSA-668q-qrv7-99fm

Deserialization of Untrusted Data In logback version 1.2.9 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.

1.2.8
Affected by 1 other vulnerability.

1.2.9
Affected by 1 other vulnerability.

VCID-pnxr-hj9y-yfd9
Aliases:
CVE-2026-1225
GHSA-qqpg-mvqg-649v

Logback allows an attacker to instantiate classes already present on the class path ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially malicious Java class requires that said class is present on the user's class-path. In addition, the attacker must have write access to a configuration file. However, after successful instantiation, the instance is very likely to be discarded with no further ado.

1.5.25
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-12T01:35:35.486421+00:00	GitLab Importer	Affected by	VCID-pnxr-hj9y-yfd9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/ch.qos.logback/logback-core/CVE-2026-1225.yml	38.3.0
2026-04-11T22:50:22.442611+00:00	GitLab Importer	Affected by	VCID-6f98-j1tr-zfcm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/ch.qos.logback/logback-core/CVE-2021-42550.yml	38.3.0
2026-04-11T21:46:59.338866+00:00	GitLab Importer	Affected by	VCID-2y5d-qg7z-2kdg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/ch.qos.logback/logback-core/CVE-2017-5929.yml	38.3.0
2026-04-03T01:44:35.243116+00:00	GitLab Importer	Affected by	VCID-pnxr-hj9y-yfd9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/ch.qos.logback/logback-core/CVE-2026-1225.yml	38.1.0
2026-04-02T22:59:46.500991+00:00	GitLab Importer	Affected by	VCID-6f98-j1tr-zfcm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/ch.qos.logback/logback-core/CVE-2021-42550.yml	38.1.0
2026-04-02T22:00:59.173379+00:00	GitLab Importer	Affected by	VCID-2y5d-qg7z-2kdg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/ch.qos.logback/logback-core/CVE-2017-5929.yml	38.1.0
2026-04-01T17:18:30.647849+00:00	GitLab Importer	Affected by	VCID-6f98-j1tr-zfcm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/ch.qos.logback/logback-core/CVE-2021-42550.yml	38.0.0
2026-04-01T16:18:10.170673+00:00	GitLab Importer	Affected by	VCID-2y5d-qg7z-2kdg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/ch.qos.logback/logback-core/CVE-2017-5929.yml	38.0.0