Skip to content

[GHSA-jhq6-gfmj-v8fx] Logback vulnerable to Object Injection through HardenedObjectInputStream modules#8699

Open
lakunero wants to merge 1 commit into
lakunero/advisory-improvement-8699from
lakunero-GHSA-jhq6-gfmj-v8fx
Open

[GHSA-jhq6-gfmj-v8fx] Logback vulnerable to Object Injection through HardenedObjectInputStream modules#8699
lakunero wants to merge 1 commit into
lakunero/advisory-improvement-8699from
lakunero-GHSA-jhq6-gfmj-v8fx

Conversation

@lakunero

@lakunero lakunero commented Jul 14, 2026

Copy link
Copy Markdown

Updates

  • Affected products
  • CVSS v4
  • Severity

Comments
The vulnerability is fixed in version 1.5.34.

https://logback.qos.ch/news.html#1.5.34
https://github.com/qos-ch/logback/releases/tag/v_1.5.34

GitHub UI marked "score" value as invalid, could not submit the PR without making changes to it. That affected the calculation of the severity.

@github-actions github-actions Bot changed the base branch from main to lakunero/advisory-improvement-8699 July 14, 2026 06:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant