CGA-7qhv-82cx-27pj

Published

Last updated

https://images.chainguard.dev/security/CGA-7qhv-82cx-27pj

Package

trino

Latest Update

Fixed

Fixed Version

468-r1

Aliases

CVE-2024-12801
GHSA-6v67-2wr5-gvf4

Severity

Unknown

Summary

QOS.CH logback-core Server-Side Request Forgery vulnerability

Description

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML.

The attacks involves the modification of DOCTYPE declaration in XML configuration files.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-12801
https://github.com/advisories/GHSA-6v67-2wr5-gvf4
https://github.com/qos-ch/logback/commit/5f05041cba4c4ac0a62748c5c527a2da48999f2d
https://github.com/qos-ch/logback
https://logback.qos.ch/news.html#1.3.15
https://logback.qos.ch/news.html#1.5.13

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-7qhv-82cx-27pj

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources