Security Advisories

CGA-gvp8-cqcj-9m75

Published

Last updated

https://images.chainguard.dev/security/CGA-gvp8-cqcj-9m75

Package

stargate

Latest Update

Fixed

Fixed Version

1.0.78-r2

Aliases

CVE-2023-6481
GHSA-gm62-rw4g-vrc4

Severity

7.1

High

CVSS V3

Summary

Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data

Description

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-6481
https://github.com/advisories/GHSA-gm62-rw4g-vrc4
https://github.com/qos-ch/logback/commit/7018a3609c7bcc9dc7bf5903509901a986e5f578
https://github.com/qos-ch/logback/commit/c612b2fa3caf6eef3c75f1cd5859438451d0fd6f
https://github.com/qos-ch/logback
https://logback.qos.ch/news.html#1.3.12
https://logback.qos.ch/news.html#1.3.14

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-gvp8-cqcj-9m75

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources