admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-12801.md

19 lines
877 B
Markdown
Raw Normal View History

Update CVE sources 2025-09-29 16:08
2025-09-29 16:08:36 +00:00
### [CVE-2024-12801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12801)
![](https://img.shields.io/static/v1?label=Product&message=logback&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen)
### Description
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12  on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML.The attacks involves the modification of DOCTYPE declaration in  XML configuration files.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/Lore-Ferra/Progetto_SSDLC_Ferrari_Lorenzo
- https://github.com/diegopacheco/Smith
Reference in New Issue Copy Permalink