{"url":"http://public2.vulnerablecode.io/api/packages/59861?format=json","purl":"pkg:maven/ch.qos.logback/logback-core@1.2.8","type":"maven","namespace":"ch.qos.logback","name":"logback-core","version":"1.2.8","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.2.0","latest_non_vulnerable_version":"1.5.25","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41894?format=json","vulnerability_id":"VCID-7ebh-b7qu-zqcw","summary":"Deserialization of Untrusted Data\nIn logback version 1.2.9 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration that allows execution of arbitrary code loaded from LDAP servers.","references":[{"reference_url":"http://logback.qos.ch/news.html","reference_id":"","reference_type":"","scores":[],"url":"http://logback.qos.ch/news.html"},{"reference_url":"https://github.com/cn-panda/logbackRceDemo","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/cn-panda/logbackRceDemo"},{"reference_url":"https://github.com/qos-ch/logback/blob/1502cba4c1dfd135b2e715bc0cf80c0045d4d128/logback-site/src/site/pages/news.html","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/qos-ch/logback/blob/1502cba4c1dfd135b2e715bc0cf80c0045d4d128/logback-site/src/site/pages/news.html"},{"reference_url":"https://github.com/qos-ch/logback/commit/87291079a1de9369ac67e20dc70a8fdc7cc4359c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/qos-ch/logback/commit/87291079a1de9369ac67e20dc70a8fdc7cc4359c"},{"reference_url":"https://github.com/qos-ch/logback/commit/ef4fc4186b74b45ce80d86833820106ff27edd42","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/qos-ch/logback/commit/ef4fc4186b74b45ce80d86833820106ff27edd42"},{"reference_url":"https://jira.qos.ch/browse/LOGBACK-1591","reference_id":"","reference_type":"","sco
res":[],"url":"https://jira.qos.ch/browse/LOGBACK-1591"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211229-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20211229-0001/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-42550","reference_id":"CVE-2021-42550","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-42550"},{"reference_url":"https://github.com/advisories/GHSA-668q-qrv7-99fm","reference_id":"GHSA-668q-qrv7-99fm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-668q-qrv7-99fm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59861?format=json","purl":"pkg:maven/ch.qos.logback/logback-core@1.2.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/ch.qos.logback/logback-core@1.2.8"}],"aliases":["CVE-2021-42550","GHSA-668q-qrv7-99fm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ebh-b7qu-zqcw"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/ch.qos.logback/logback-core@1.2.8"}