[CVE-2023-6378] - New vulnerability has been discovered

Question

[CVE-2023-6378] - New vulnerability has been discovered

Vladyslav-IA opened this issue 6 months ago · 2 comments

The new vulnerability has been discovered [CVE-2023-6378]. It comes from logback-core that is used in your application.
It presents in all including the latest version https://mvnrepository.com/artifact/net.logstash.logback/logstash-logback-encoder/7.4
Could you please upgrade logback-core to latest version? Thank you!

Answer 1 · 2023-12-04T16:57:30.000Z

Until the version is bumped in logstash-logback-encoder, you can directly depend on the newer logback version in your application, or use dependencyManagement as described in Including it in your project

Answer 2 · 2023-12-11T14:20:26.000Z

A new, very similar vulnerability has been discovered CVE-2023-6481