发布时间: 2025年1月24日
修改时间: 2025年1月24日
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML configuration files.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | Low | |
| Attack Vector | Network | |
| CVSS评分 | N/A | 5.0 |
| Attack Complexity | Low | |
| Privileges Required | Low | |
| Scope | Changed | |
| Integrity | None | |
| User Interaction | None | |
| Availability | None |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2025-1623 | logback security update | 2025年3月18日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5 | logback | Fixed |
| KY3.5.3 | logback | Fixed |
| V6 | logback | Fixed |
| KY3.5.2 | logback | Fixed |
