{"id":"CVE-2021-42550","details":"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration that allows execution of arbitrary code loaded from LDAP servers.","aliases":["GHSA-668q-qrv7-99fm"],"modified":"2026-05-18T05:53:09.048132574Z","published":"2021-12-16T19:15:08.297Z","related":["SUSE-SU-2023:2097-1","openSUSE-SU-2024:12026-1","openSUSE-SU-2024:12224-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:a:qos:logback:1.3.0:alpha1:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"1.3.0-alpha1"}],"vendor_product":"qos:logback","source":"CPE_FIELD"},{"cpes":["cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"6.0"}],"vendor_product":"redhat:satellite","source":"CPE_FIELD"},{"cpes":["cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*"],"extracted_events":[{"fixed":"1.0.3"}],"vendor_product":"siemens:sinec_nms","source":"CPE_FIELD"}]},"references":[{"type":"ADVISORY","url":"http://logback.qos.ch/news.html"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2022/Jul/11"},{"type":"ADVISORY","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-371761.pdf"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20211229-0001/"},{"type":"FIX","url":"https://jira.qos.ch/browse/LOGBACK-1591"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"},{"type":"EVIDENCE","url":"https://github.com/cn-panda/logbackRceDemo"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qos-ch/logback","events":[{"introduced":"0"},{"last_affected":"626c7733c188f2ad60c1348a493761f60e2d7958"},{"last_affected":"9d4cbcc80f30a6c6915f4ee667e72d69a159bde0"},{"last_affected":"b6dbbba5b7cb97affd9e7ada6d44efc60f859e2d"},{"last_affected":"9b684f41c07d5ebfecfea1a2c5c6198d47c71ac2"},{"last_affected":"1f052b53a954bdfa8d893f9906b767821b3af62f"},{"
last_affected":"e23e9c0e12dec801897fa440b2302b01dfa2abce"},{"last_affected":"241d1e72b0ab24db502068bde5de8f6f562ef157"},{"last_affected":"364989315c257b2388d17cc757b1bc03f66e3a30"},{"last_affected":"cfc8247f9215f2aa14715da95b5813393b9c4ada"},{"last_affected":"40da1f7435acd90f640b0fc0aa5d33894e472731"},{"last_affected":"d993a7abe495f04ad3bee033ad060711d05830e4"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"1.2.7"},{"last_affected":"1.3.0-alpha0"},{"last_affected":"1.3.0-alpha10"},{"last_affected":"1.3.0-alpha2"},{"last_affected":"1.3.0-alpha3"},{"last_affected":"1.3.0-alpha4"},{"last_affected":"1.3.0-alpha5"},{"last_affected":"1.3.0-alpha6"},{"last_affected":"1.3.0-alpha7"},{"last_affected":"1.3.0-alpha8"},{"last_affected":"1.3.0-alpha9"}],"cpe":["cpe:2.3:a:qos:logback:*:*:*:*:*:*:*:*","cpe:2.3:a:qos:logback:1.3.0:alpha0:*:*:*:*:*:*","cpe:2.3:a:qos:logback:1.3.0:alpha10:*:*:*:*:*:*","cpe:2.3:a:qos:logback:1.3.0:alpha2:*:*:*:*:*:*","cpe:2.3:a:qos:logback:1.3.0:alpha3:*:*:*:*:*:*","cpe:2.3:a:qos:logback:1.3.0:alpha4:*:*:*:*:*:*","cpe:2.3:a:qos:logback:1.3.0:alpha5:*:*:*:*:*:*","cpe:2.3:a:qos:logback:1.3.0:alpha6:*:*:*:*:*:*","cpe:2.3:a:qos:logback:1.3.0:alpha7:*:*:*:*:*:*","cpe:2.3:a:qos:logback:1.3.0:alpha8:*:*:*:*:*:*","cpe:2.3:a:qos:logback:1.3.0:alpha9:*:*:*:*:*:*"],"source":"CPE_FIELD"}}],"versions":["v_1.2.7","v_1.2.6","v_1.3.0-alpha10","v_1.3.0-alpha9","v_1.3.0-alpha8","v_1.3.0-alpha7","v_1.2.5","v_1.3.0-alpha6","v_1.2.4","v_1.3.0-alpha5","list","v_1.3.0-alpha4","v_1.3.0-alpha3","v_1.3.0-alpha2","v_1.8.0-alpha1","v_1.3.0-alpha0","v_1.2.3","v_1.2.2","v_1.1.10","v_1.2.1","v_1.2.0","v_1.1.8","v_1.1.7","v_1.1.6","v_1.1.5","v_1.1.4","v_1.1.1","v_1.1.0","v_1.0.11","v1.0.10","v_1.0.9","v_1.0.8","v_1.0.7","v_1.0.6","v_1.0.5","v_1.0.4","v_1.0.3","v_1.0.2","v_1.0.1","v_1.0.0","v_0.9.30","v_0.9.29","v_0.9.28","v_0.9.27","v_0.9.26","v_0.9.25","v_0.9.24","v_0.9.23","v_0.9.22","v_0.9.21","v0.9.20","release_0.9.19","v0.9.18"],"database_specifi
c":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-42550.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}