Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks
Vulnerability Description
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML configuration files.
CVSS Information
N/A
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
logback 安全漏洞
Vulnerability Description
logback是QOS.CH开源的一个可靠、通用、快速且灵活的 Java 日志记录框架。 logback 1.5.12版本存在安全漏洞,该漏洞源于SaxEventRecorder包含一个服务器端请求伪造问题。攻击者利用该漏洞可以通过破坏XML中的logback配置文件来伪造请求。
CVSS Information
N/A
Vulnerability Type
N/A