Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Conditional processing of logback.xml configuration file, in conjuction with Spring Framework and Janino
Vulnerability Description
ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. A successful attack requires the presence of Janino library and Spring Framework to be present on the user's class path. In addition, the attacker must have write access to a configuration file. Alternatively, the attacker could inject a malicious environment variable pointing to a malicious configuration file. In both cases, the attack requires existing privilege.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
Quality Open Software Logback 安全漏洞
Vulnerability Description
Quality Open Software Logback是瑞士Quality Open Software公司的一个 Java 应用程序的日志记录框架。 Quality Open Software Logback 1.5.18及之前版本存在安全漏洞,该漏洞源于条件配置文件处理不当,可能导致执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A