com.github.tony19:logback-android : 2.0.0
Jira tickets are reserved for reporting bugs and not a support forum. Comments out of place will be deleted.
CVE-2021-42550 has been assigned.
The vulnerability is considered to pose a lesser threat than log4shell because it requires access to logback's configuration file by the attacker, sign of an already compromised system.
This CVE-2021-42550 is intended to prevent an escalation of an existing flaw to a higher threat level.
Logback should not be a vector in making an RCE possible even as a stepping stone for the attacker exploiting a prior existing vulnerability (in a different part of the system).