Investigate vulnerability: Deserialization of Untrusted Data in ch.qos.logback/logback-classic

描述:

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.

• 严重程度: critical
• 置信度: unknown
• 位置: pom.xml

解决方案:

Upgrade to version 1.2.0 or above.

标识符:

• Gemnasium-094e4d82-990e-4851-91b2-2caee53c6eb0
• CVE-2017-5929
• GHSA-vmfg-rjjm-rjrj

链接:

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929
• https://github.com/advisories/GHSA-vmfg-rjjm-rjrj
• https://github.com/qos-ch/logback/commit/f46044b805bca91efe5fd6afe52257cd02f775f8
• https://nvd.nist.gov/vuln/detail/CVE-2017-5929

扫描工具:

• 名称: gemnasium-maven
• 类型: dependency_scanning
• 状态: success
• 开始时间: 2022-09-30T02:35:25
• 结束时间: 2022-09-30T02:38:48