CGA-v3gv-5vpv-r7rp

Published

Last updated

https://images.chainguard.dev/security/CGA-v3gv-5vpv-r7rp

Package

kserve-modelmesh

Latest Update

Fixed

Fixed Version

0.12.0-r6

Aliases

CVE-2024-12801
GHSA-6v67-2wr5-gvf4

Severity

Unknown

Summary

QOS.CH logback-core Server-Side Request Forgery vulnerability

Description

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML.

The attacks involves the modification of DOCTYPE declaration in XML configuration files.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-12801
https://github.com/advisories/GHSA-6v67-2wr5-gvf4
https://github.com/qos-ch/logback/commit/5f05041cba4c4ac0a62748c5c527a2da48999f2d
https://github.com/qos-ch/logback
https://logback.qos.ch/news.html#1.3.15
https://logback.qos.ch/news.html#1.5.13

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-v3gv-5vpv-r7rp

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources