{"id":"CVE-2023-6378","details":"A serialization vulnerability in logback receiver component part of \nlogback version 1.4.11 allows an attacker to mount a Denial-Of-Service \nattack by sending poisoned data.\n\n","aliases":["GHSA-vmq6-5m68-f53m"],"modified":"2026-04-12T10:19:15.687455Z","published":"2023-11-29T12:15:07.543Z","related":["CGA-gmw6-3xjc-xf3x","openSUSE-SU-2025:15597-1"],"references":[{"type":"ADVISORY","url":"https://logback.qos.ch/news.html#1.3.12"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20241129-0012/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qos-ch/logback","events":[{"introduced":"dc4ed6962985897ea4a3a0318111cdef6993d620"},{"fixed":"2648b9e7fbb47426c89b9c93b411c07484e8f277"},{"introduced":"50449f830bd46bd547016b49475d2760686b15be"},{"fixed":"0df4ec15d45301b5d0a6e2de6466a17944c3a871"},{"introduced":"e83403e15547abb077d5957e4fb8a302293541dc"},{"fixed":"88abf59a18720854f4f55feb8d8f6951cfaf6037"}],"database_specific":{"extracted_events":[{"introduced":"1.2.0"},{"fixed":"1.2.13"},{"introduced":"1.3.0"},{"fixed":"1.3.12"},{"introduced":"1.4.0"},{"fixed":"1.4.12"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:qos:logback:*:*:*:*:*:*:*:*"}}],"versions":["possible_mvn_issue","v1.3.2","v1.4.2","v_1.2.0","v_1.2.1","v_1.2.10","v_1.2.11","v_1.2.12","v_1.2.2","v_1.2.3","v_1.2.4","v_1.2.5","v_1.2.6","v_1.2.7","v_1.2.8","v_1.2.9","v_1.3.0","v_1.3.1","v_1.3.10","v_1.3.11","v_1.3.3","v_1.3.4","v_1.3.5","v_1.3.6","v_1.3.7","v_1.3.8","v_1.3.9","v_1.4.0","v_1.4.1","v_1.4.10","v_1.4.11","v_1.4.3","v_1.4.4","v_1.4.5","v_1.4.6","v_1.4.7","v_1.4.8","v_1.4.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-6378.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}