Security Advisory

CVE-2024-12801

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-12-19 16:11:50

Last updated 2025-01-03 13:40:41

Assigner NCSC.ch

State PUBLISHED

Description

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML configuration files.

← Browse all CVEs View on cve.org ↗