elastic/ecs-logging-java

logback serialization vulnerability

rama280290 opened this issue · 1 comment

A serialization vulnerability in the logback receiver component, part of logback, allows an attacker to mount a Denial-of-Service attack by sending poisoned data.

Upgrade ch.qos.logback:logback-classic to version 1.2.13 or later
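A quick way to verify the remediation above across a multi-module Maven build is to read `mvn dependency:tree` output and flag every module whose resolved `ch.qos.logback:logback-classic` sits below 1.2.13, together with its scope, so test-only resolutions are visible. The script below is an added example, not code from this repository; the tree text is constructed (the module names follow this thread, the `org.example` group id and the non-logback versions are made up) and the 1.2.13 threshold is the one named in the issue.

```python
"""Flag logback-classic versions below the fixed one in `mvn dependency:tree` output."""
import re
from typing import List, NamedTuple, Tuple

# Minimum fixed version named in the issue above ("1.2.13 or later").
MIN_FIXED_VERSION = "1.2.13"
AFFECTED_GROUP, AFFECTED_ARTIFACT = "ch.qos.logback", "logback-classic"

# Constructed sample of `mvn dependency:tree` output for two hypothetical modules;
# module names follow the issue thread, the group id and other versions are made up.
SAMPLE_TREE = """\
[INFO] --- maven-dependency-plugin:3.6.0:tree (default-cli) @ logback-ecs-encoder ---
[INFO] org.example:logback-ecs-encoder:jar:0.0.0-CONSTRUCTED
[INFO] +- ch.qos.logback:logback-classic:jar:1.2.13:provided
[INFO] |  \\- ch.qos.logback:logback-core:jar:1.2.13:provided
[INFO] --- maven-dependency-plugin:3.6.0:tree (default-cli) @ logback-legacy-tests ---
[INFO] org.example:logback-legacy-tests:jar:0.0.0-CONSTRUCTED
[INFO] +- ch.qos.logback:logback-classic:jar:1.1.11:test
[INFO] \\- junit:junit:jar:4.13.2:test
"""

# "@ <artifactId> ---" marks the start of each module's tree in a reactor build.
MODULE_RE = re.compile(r"@\s+(?P<module>[\w.-]+)\s+---\s*$")
# Dependency rows look like "[INFO] +- g:a:type:version:scope" or "[INFO] |  \- ...".
DEP_RE = re.compile(r"^\[INFO\]\s+[|\s]*[+\\]-\s+(?P<coords>\S+)")


class Finding(NamedTuple):
    module: str
    version: str
    scope: str
    vulnerable: bool


def parse_version(v: str) -> Tuple[int, ...]:
    """Leading dotted-numeric part of a Maven version, e.g. '1.2.13-SNAPSHOT' -> (1, 2, 13)."""
    m = re.match(r"(\d+(?:\.\d+)*)", v)
    return tuple(int(p) for p in m.group(1).split(".")) if m else ()


def version_below(found: str, minimum: str) -> bool:
    """True when `found` sorts numerically below `minimum` (missing components count as 0)."""
    a, b = parse_version(found), parse_version(minimum)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def is_vulnerable(version: str, minimum: str = MIN_FIXED_VERSION) -> bool:
    return version_below(version, minimum)


def find_findings(tree_text: str, minimum: str = MIN_FIXED_VERSION) -> List[Finding]:
    """Walk the tree output, tracking the current module, and report each resolved logback-classic."""
    findings: List[Finding] = []
    module = "<unknown>"
    for line in tree_text.splitlines():
        mod = MODULE_RE.search(line)
        if mod:
            module = mod.group("module")
            continue
        dep = DEP_RE.match(line)
        if not dep:
            continue
        parts = dep.group("coords").split(":")
        if len(parts) < 4 or (parts[0], parts[1]) != (AFFECTED_GROUP, AFFECTED_ARTIFACT):
            continue
        # Coordinates are g:a:type:version[:scope] or g:a:type:classifier:version:scope.
        version, scope = (parts[-2], parts[-1]) if len(parts) >= 5 else (parts[3], "")
        findings.append(Finding(module, version, scope, is_vulnerable(version, minimum)))
    return findings


if __name__ == "__main__":
    for f in find_findings(SAMPLE_TREE):
        status = "NEEDS UPGRADE" if f.vulnerable else "ok"
        print(f"{f.module}: logback-classic {f.version} ({f.scope or 'compile'}) -> {status}")
```

Run it against real output with `mvn dependency:tree > tree.txt` and feed the file contents to `find_findings`. The comparison implements exactly the rule stated in the issue (1.2.13 or later); if a build tracks a different logback release line, pass that line's own fixed version as `minimum` rather than relying on the 1.2.x threshold.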

Thanks. Per the name, logback-legacy-tests only has test code (only src/test/java/... exists in that module) for legacy logback versions, and is never deployed other than to CI to run tests. The actual logback dependency in logback-ecs-encoder/pom.xml is already on 1.2.13.