CVE-2024-12801

QOS.CH logback-core Server-Side Request Forgery vulnerability

Description

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform allows an attacker to forge requests by compromising logback configuration files in XML.

The attack involves the modification of the DOCTYPE declaration in XML configuration files.
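
As an added example (not code from logback, Seal Security or the CVE record), the following Python audit flags DOCTYPE declarations in logback XML configuration files, the element the description says is modified. The function name, finding labels and sample configs are constructed for illustration.

```python
import re
import sys

# External identifier: SYSTEM "uri" or PUBLIC "pubid" "uri".
_EXT_ID = r"""(?:SYSTEM|PUBLIC\s+(?:"[^"]*"|'[^']*'))\s+(?P<q>["'])(?P<uri>.*?)(?P=q)"""
_COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)
_DOCTYPE = re.compile(
    r"<!DOCTYPE\s+[^\s\[>]+(?:\s+" + _EXT_ID + r")?\s*(?P<internal>\[.*?\])?\s*>",
    re.DOTALL)
_ENTITY = re.compile(r"<!ENTITY\s+(?:%\s+)?\S+\s+" + _EXT_ID, re.DOTALL)


def audit_logback_config(xml_text):
    """Return (kind, uri) findings for DOCTYPE use in one config file's text."""
    text = _COMMENT.sub("", xml_text)  # a commented-out DOCTYPE is inert
    m = _DOCTYPE.search(text)
    if m is None:
        # A DOCTYPE token this pattern cannot parse still deserves review.
        return [("doctype-unparsed", None)] if "<!DOCTYPE" in text else []
    findings = []
    if m.group("uri") is not None:
        findings.append(("external-subset", m.group("uri")))
    for ent in _ENTITY.finditer(m.group("internal") or ""):
        findings.append(("external-entity", ent.group("uri")))
    return findings or [("doctype-present", None)]


# Constructed sample configs (not taken from any real deployment).
CLEAN = """<?xml version="1.0"?>
<!-- <!DOCTYPE configuration SYSTEM "http://old.example.invalid/x.dtd"> -->
<configuration><root level="INFO"/></configuration>"""

TAMPERED = """<?xml version="1.0"?>
<!DOCTYPE configuration SYSTEM "http://collector.example.invalid/a.dtd" [
  <!ENTITY ext SYSTEM "http://collector.example.invalid/b">
]>
<configuration><root level="INFO"/></configuration>"""

if __name__ == "__main__":
    # Usage: python audit.py path/to/logback.xml [more files...]
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for kind, uri in audit_logback_config(fh.read()):
                print(f"{path}: {kind}: {uri or '-'}")
```

The audit reads the files as text and never parses them as XML, so running it does not itself fetch any referenced DTD or entity.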

Patch Available

Fix available through Seal Security. 

No upgrade required, protect your application instantly.

Score: 2.4
Severity: Low
Ecosystem: Java
Publish Date: December 19, 2024
Modified Date: February 3, 2026
Score Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:L/SC:H/SI:H/SA:H/V:D/U:Clear
Affected Versions