Home > Vulnerability Database > CVE-2024-12801

Mend.io Vulnerability Database

CVE-2024-12801

Good to know:

Date: December 19, 2024

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML configuration files.

Language: Java

Severity Score

4.4

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-12801

Url: https://logback.qos.ch/news.html#1.5.13

Url: https://github.com/qos-ch/logback

Url: https://logback.qos.ch/news.html#1.3.15

Url: https://github.com/qos-ch/logback/commit/5f05041cba4c4ac0a62748c5c527a2da48999f2d

Url: https://www.mend.io/vulnerability-database/CVE-2024-12801

Severity Score

4.4

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version ch.qos.logback:logback-core:1.3.15;ch.qos.logback:logback-core:1.5.13

Learn More

CVSS v3.1

Base Score:	4.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-12801

Good to know:

Date: December 19, 2024

Language: Java

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?