Bug#857343: closed by Markus Koschany (Bug#857343: fixed in logback 1:1.1.9-2)

Thu, 30 Mar 2017 23:13:33 -0700 

Hi,
I  have made a quick and dirty POC for this issue.
This results in a remote code execution in the JVM that exposes a ServerSocketReceiver. 

Unfortunately, logback 1:1.1.9-2 is still vulnerable, not 1.2.x.

The POC is available on demand.

Regards,
Fabrice Dagorn























					Reply via email to