Qos Logback
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Qos Logback.
By the Year
In 2026 there have been 0 vulnerabilities in Qos Logback. Logback did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 0.00 |
| 2023 | 2 | 7.50 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 6.60 |
It may take a day or so for new Logback vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Qos Logback Security Vulnerabilities
SSRF via SaxEventRecorder in QOS.CH logback 0.1-1.3.14 & 1.4.0-1.5.12
CVE-2024-12801
- December 19, 2024
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML configuration files.
Logback Receiver DoS via Serialization Before 1.4.13
CVE-2023-6481
7.5 - High
- December 04, 2023
A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.
logback 1.4.11 Receiver SerDoS Vulnerability
CVE-2023-6378
7.5 - High
- November 29, 2023
A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.
Marshaling, Unmarshaling
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration
CVE-2021-42550
6.6 - Medium
- December 16, 2021
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.
Marshaling, Unmarshaling
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
CVE-2017-5929
- March 13, 2017
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Qos Logback or by Qos? Click the Watch button to subscribe.
