CX: CVE-2021-42550 in Maven-ch.qos.logback:logback-core and 1.2.7 @ hello-world-java.master

**Description**

In logback versions prior to 1.2.9 and 1.3.x prior to 1.3.0-alpha11, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.

**MEDIUM Vulnerable Package** issue exists @ **ch.qos.logback:logback-core** in branch **master**

**Vulnerability ID:** CVE-2021-42550

**Package Name:** ch.qos.logback:logback-core

**Severity:** MEDIUM

**CVSS Score:** 6.6

**Publish Date:** 2021-12-16T19:15:00

**Current Package Version:** 1.2.7

**Remediation Upgrade Recommendation:** 1.2.9

[Link To SCA](https://sca.checkmarx.net/#/projects/f78fe83c-aa61-4729-8ef7-e65b39520ced/reports/5ae74bc0-38c0-40e4-89f1-1b2462b165bd/vulnerabilities/CVE-2021-42550%3AMaven-ch.qos.logback%3Alogback-core-1.2.7/vulnerabilityDetails/vulnerabilities/CVE-2021-42550%3AMaven-ch.qos.logback%3Alogback-core-1.2.7/vulnerabilityDetails)

[Reference – NVD link](https://nvd.nist.gov/vuln/detail/CVE-2021-42550)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CX: CVE-2021-42550 in Maven-ch.qos.logback:logback-core and 1.2.7 @ hello-world-java.master #5

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CX: CVE-2021-42550 in Maven-ch.qos.logback:logback-core and 1.2.7 @ hello-world-java.master #5

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions