Vulnerability

CVE-2024-12801

 Report advisory or correction

CVSS Score 2.4 low

CVSS Vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:L/SC:H/SI:H/SA:H

CWE

CWE-918

References

https://github.com/advisories/GHSA-6v67-2wr5-gvf4
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-12801

[CVE-2024-12801] CWE-918: Server-Side Request Forgery (SSRF)

Description

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12  on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in  XML configuration files.

Deviation Notice:
Sonatype's research suggests that this CVE's details differ from those defined at NVD or other reporting sources; sign in for details.

Sign up and see:

Detailed deviation notices:
  • Detailed deviations
  • References
  • Custom Descriptions [Coming Soon]
Sign Up