VulnerableCode Package Details - pkg:maven/ch.qos.logback/logback-core@1.5.25

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-pnxr-hj9y-yfd9	Logback allows an attacker to instantiate classes already present on the class path ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially malicious Java class requires that said class is present on the user's class-path. In addition, the attacker must have write access to a configuration file. However, after successful instantiation, the instance is very likely to be discarded with no further ado.	CVE-2026-1225 GHSA-qqpg-mvqg-649v

Vulnerability

Summary

Aliases

VCID-pnxr-hj9y-yfd9

Logback allows an attacker to instantiate classes already present on the class path ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially malicious Java class requires that said class is present on the user's class-path. In addition, the attacker must have write access to a configuration file. However, after successful instantiation, the instance is very likely to be discarded with no further ado.

CVE-2026-1225
GHSA-qqpg-mvqg-649v

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-17T00:11:48.950804+00:00	GitLab Importer	Fixing	VCID-pnxr-hj9y-yfd9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/ch.qos.logback/logback-core/CVE-2026-1225.yml	38.4.0
2026-04-12T01:35:36.027265+00:00	GitLab Importer	Fixing	VCID-pnxr-hj9y-yfd9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/ch.qos.logback/logback-core/CVE-2026-1225.yml	38.3.0
2026-04-03T01:44:35.873543+00:00	GitLab Importer	Fixing	VCID-pnxr-hj9y-yfd9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/ch.qos.logback/logback-core/CVE-2026-1225.yml	38.1.0
2026-04-01T16:07:48.857643+00:00	GHSA Importer	Fixing	VCID-pnxr-hj9y-yfd9	https://github.com/advisories/GHSA-qqpg-mvqg-649v	38.0.0
2026-04-01T12:53:43.185985+00:00	GitLab Importer	Fixing	VCID-pnxr-hj9y-yfd9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/ch.qos.logback/logback-core/CVE-2026-1225.yml	38.0.0
2026-04-01T12:52:14.553943+00:00	GithubOSV Importer	Fixing	VCID-pnxr-hj9y-yfd9	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-qqpg-mvqg-649v/GHSA-qqpg-mvqg-649v.json	38.0.0