[CVE-2023-6378] - New vulnerability has been discovered
Vladyslav-IA opened this issue · comments
Vladyslav-IA commented
The new vulnerability has been discovered [CVE-2023-6378]. It comes from logback-core that is used in your application.
It presents in all including the latest version https://mvnrepository.com/artifact/net.logstash.logback/logstash-logback-encoder/7.4
Could you please upgrade logback-core to latest version? Thank you!
Phil Clay commented
Until the version is bumped in logstash-logback-encoder, you can directly depend on the newer logback version in your application, or use dependencyManagement as described in Including it in your project
Vladyslav-IA commented
A new, very similar vulnerability has been discovered CVE-2023-6481