In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration that allows execution of arbitrary code loaded from LDAP servers.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| ch.qos.logback:logback-core (Maven) | 0 | 1.2.9 | N/A |
CVSS Metrics