ch.qos.logback:logback-core
Maven
8 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting ch.qos.logback:logback-core
- CVE-2017-5929 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 1.2.0 | 2017-03-13
vulnerable: 0.2.5 ... 1.1.9 (65 versions)
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
- CVE-2021-42550 | MEDIUM | CVSS 6.6 | EG 6.6 | ✓ Fixed in 1.2.9 | 2021-12-16
vulnerable: 0.2.5 ... 1.2.8 (75 versions)
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing execution of arbitrary code loaded from LDAP servers.
- CVE-2023-6378 | HIGH | CVSS 7.1 | EG 7.1 | ✓ Fixed in 1.2.13 | 2023-11-29
vulnerable: 0.2.5 ... 1.2.9 (79 versions)
A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.
- CVE-2023-6481 | HIGH | CVSS 7.1 | EG 7.1 | ✓ Fixed in 1.2.13 | 2023-12-04
vulnerable: 1.2.12
A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.
- CVE-2024-12798 | MEDIUM | CVSS 5.9 | EG 0.0 | ✓ Fixed in 1.3.15 | 2024-12-19
vulnerable: 0.2.5 ... 1.3.9 (113 versions)
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logbac…
- CVE-2024-12801 | LOW | CVSS 2.4 | EG 0.0 | ✓ Fixed in 1.3.15 | 2024-12-19
vulnerable: 0.2.5 ... 1.3.9 (113 versions)
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The att…
- CVE-2025-11226 | MEDIUM | CVSS 5.9 | EG 0.0 | ✓ Fixed in 1.3.16 | 2025-10-01
vulnerable: 0.2.5 ... 1.3.9 (114 versions)
ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration …
- CVE-2026-1225 | LOW | CVSS 1.8 | EG 0.0 | ✓ Fixed in 1.5.25 | 2026-01-22
vulnerable: 0.2.5 ... 1.5.9 (155 versions)
ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing log…