Vulnerability in Logback's JaninoEventEvaluator Allows Code Execution
CVE-2024-12798
What is CVE-2024-12798?
CVE-2024-12798 is a critical vulnerability within the JaninoEventEvaluator of QOS.CH's logback-core library, affecting all versions up to and including 1.5.12. This vulnerability allows an attacker to execute arbitrary code by leveraging a compromised logback configuration file or by injecting a malicious environment variable before program execution. Successful exploitation requires the attacker to have write access to the logback configuration file or the capability to influence environment variables associated with the Java application. Without proper mitigation, this flaw poses a significant risk to the security of applications that use the affected versions of logback-core.

Affected Version(s)
Logback-core 0.9 <= version <= 1.5.12
Logback-core 1.5.13
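
An audit helper for the two conditions described above, added here as an example and not taken from the logback project or the advisory: it flags logback-core jar file names inside the affected range and lists the JaninoEventEvaluator entries in a logback configuration so their expressions can be reviewed. The function names and the sample configuration are constructed, and it assumes that an `<evaluator>` element without a `class` attribute defaults to JaninoEventEvaluator.

```python
import re
import xml.etree.ElementTree as ET

FIRST_AFFECTED, LAST_AFFECTED = (0, 9, 0), (1, 5, 12)  # range stated on this page
JAR_RE = re.compile(r"logback-core-(\d+(?:\.\d+)*)[^/\\]*\.jar$")

def jar_is_affected(jar_name):
    """True/False for a logback-core jar file name, None for any other file."""
    m = JAR_RE.search(jar_name)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    version = tuple((parts + [0, 0, 0])[:3])  # pad so 0.9 compares as 0.9.0
    return FIRST_AFFECTED <= version <= LAST_AFFECTED

def janino_evaluators(config_xml):
    """Return (name, class, expression) for each evaluator using JaninoEventEvaluator."""
    hits = []
    for el in ET.fromstring(config_xml).iter("evaluator"):
        cls = el.get("class", "")
        # Assumption: an <evaluator> with no class attribute defaults to Janino.
        if not cls or cls.endswith("JaninoEventEvaluator"):
            expr = (el.findtext("expression") or "").strip()
            hits.append((el.get("name"), cls or "(default)", expr))
    return hits

# Constructed sample configuration with a benign filter expression.
SAMPLE_CONFIG = """<configuration>
  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
    <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
      <evaluator class="ch.qos.logback.classic.boolex.JaninoEventEvaluator">
        <expression>return message.contains("billing");</expression>
      </evaluator>
      <OnMatch>DENY</OnMatch>
    </filter>
    <encoder><pattern>%msg%n</pattern></encoder>
  </appender>
</configuration>"""

if __name__ == "__main__":
    for jar in ("lib/logback-core-1.5.12.jar", "lib/logback-core-1.5.13.jar"):
        print(jar, "affected" if jar_is_affected(jar) else "not affected")
    for name, cls, expr in janino_evaluators(SAMPLE_CONFIG):
        print("review evaluator:", name, cls, expr)
```

Any evaluator it reports in a configuration file that other users or processes can write to is worth reviewing together with that file's permissions.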
