CVE-2024-12798 | QOS Logback-core up to 1.5.12 JaninoEventEvaluator expression language injection

Posted by Angelo Barbosa | Dec 19, 2024 | CVE

A vulnerability was found in QOS Logback-core up to 1.5.12. It has been rated as critical. This issue affects some unknown processing of the component JaninoEventEvaluator. The manipulation leads to improper neutralization of special elements used in an expression language statement.

The identification of this vulnerability is CVE-2024-12798. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-12798 | QOS Logback-core up to 1.5.12 JaninoEventEvaluator expression language injection

Related Posts

CVE-2024-10289 | LocalServer 1.0.9 /mlss/ManageSubscription MSubListName cross site scripting

CVE-2023-24330 | D-Link DIR-882 FW130B06 POST Request /HNAP1/ command injection

CVE-2023-45066 | Smackcoders Export All Plugin up to 2.4.1 on WordPress information disclosure

CVE-2024-30112 | HCL Connections 7.0/8.0 cross site scripting (KB0114148)