Vulnerability details: VCID-kfd6-e5jj-fkht
Vulnerability ID VCID-kfd6-e5jj-fkht
Aliases CVE-2023-6378
GHSA-vmq6-5m68-f53m
Summary logback serialization vulnerability. A serialization vulnerability in the logback receiver component, part of logback, allows an attacker to mount a denial-of-service attack by sending poisoned data. This is only exploitable if the logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6378.json
epss 0.00613 https://api.first.org/data/v1/epss?cve=CVE-2023-6378
epss 0.0063 https://api.first.org/data/v1/epss?cve=CVE-2023-6378
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-vmq6-5m68-f53m
cvssv3.1 7.1 https://github.com/qos-ch/logback
generic_textual HIGH https://github.com/qos-ch/logback
cvssv3.1 7.1 https://github.com/qos-ch/logback/commit/9c782b45be4abdafb7e17481e24e7354c2acd1eb
generic_textual HIGH https://github.com/qos-ch/logback/commit/9c782b45be4abdafb7e17481e24e7354c2acd1eb
cvssv3.1 7.1 https://github.com/qos-ch/logback/commit/b8eac23a9de9e05fb6d51160b3f46acd91af9731
generic_textual HIGH https://github.com/qos-ch/logback/commit/b8eac23a9de9e05fb6d51160b3f46acd91af9731
cvssv3.1 7.1 https://github.com/qos-ch/logback/commit/bb095154be011267b64e37a1d401546e7cc2b7c3
generic_textual HIGH https://github.com/qos-ch/logback/commit/bb095154be011267b64e37a1d401546e7cc2b7c3
cvssv3.1 7.1 https://github.com/qos-ch/logback/issues/745#issuecomment-1836227158
generic_textual HIGH https://github.com/qos-ch/logback/issues/745#issuecomment-1836227158
cvssv3.1 7.1 https://logback.qos.ch/manual/receivers.html
generic_textual HIGH https://logback.qos.ch/manual/receivers.html
cvssv3.1 7.1 https://logback.qos.ch/news.html#1.2.13
generic_textual HIGH https://logback.qos.ch/news.html#1.2.13
cvssv3.1 7.1 https://logback.qos.ch/news.html#1.3.12
generic_textual HIGH https://logback.qos.ch/news.html#1.3.12
ssvc Track https://logback.qos.ch/news.html#1.3.12
cvssv3.1 7.1 https://nvd.nist.gov/vuln/detail/CVE-2023-6378
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-6378
cvssv3.1 7.1 https://security.netapp.com/advisory/ntap-20241129-0012
generic_textual HIGH https://security.netapp.com/advisory/ntap-20241129-0012
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6378.json
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://github.com/qos-ch/logback
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://github.com/qos-ch/logback/commit/9c782b45be4abdafb7e17481e24e7354c2acd1eb
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://github.com/qos-ch/logback/commit/b8eac23a9de9e05fb6d51160b3f46acd91af9731
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://github.com/qos-ch/logback/commit/bb095154be011267b64e37a1d401546e7cc2b7c3
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://github.com/qos-ch/logback/issues/745#issuecomment-1836227158
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://logback.qos.ch/manual/receivers.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://logback.qos.ch/news.html#1.2.13
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://logback.qos.ch/news.html#1.3.12
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T17:51:31Z/ Found at https://logback.qos.ch/news.html#1.3.12
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-6378
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20241129-0012
Exploit Prediction Scoring System (EPSS)
Percentile 0.6978
EPSS Score 0.00613
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:52:10.792064+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/ch.qos.logback/logback-core/CVE-2023-6378.yml 38.0.0