  1. logback
  2. LOGBACK-1591 Possibility of vulnerability - registered as CVE-2021-42550
  3. LOGBACK-1593

sessionViaJNDI function of SMTPAppender may suffer from JNDI injection


      Description

      Hello friend! Similar to CVE-2021-4104, in logback's SMTPAppender it is possible to override the configuration to enable sessionViaJNDI and specify jndiLocation as a malicious JNDI server, leading to JNDI injection and even RCE. More details are in the attached PDF.


            People

            Assignee: Ceki Gülcü (ceki)
            Reporter: Diggid
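A configuration audit for the setting combination the report describes, as an added example that is not part of the ticket or of logback's code: it finds SMTPAppender entries that enable sessionViaJNDI and classifies their jndiLocation. The appender names, hosts and the "java: namespace only" policy are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration (not from the ticket); names and hosts are placeholders.
SAMPLE_CONFIG = """
<configuration>
  <appender name="MAIL_OK" class="ch.qos.logback.classic.net.SMTPAppender">
    <sessionViaJNDI>true</sessionViaJNDI>
    <jndiLocation>java:comp/env/mail/Session</jndiLocation>
  </appender>
  <appender name="MAIL_REMOTE" class="ch.qos.logback.classic.net.SMTPAppender">
    <sessionViaJNDI>true</sessionViaJNDI>
    <jndiLocation>ldap://jndi.example.invalid/obj</jndiLocation>
  </appender>
  <appender name="MAIL_VAR" class="ch.qos.logback.classic.net.SMTPAppender">
    <sessionViaJNDI>${mail.jndi}</sessionViaJNDI>
    <jndiLocation>${mail.location}</jndiLocation>
  </appender>
  <appender name="MAIL_PLAIN" class="ch.qos.logback.classic.net.SMTPAppender"/>
</configuration>
"""

def _prop(appender, name):
    """Return the text of a direct child element, matching the tag case-insensitively."""
    for child in appender:
        if child.tag.lower() == name.lower():
            return (child.text or "").strip()
    return None

def audit_smtp_appenders(xml_text):
    """Map appender name -> finding for every SMTPAppender that may use JNDI."""
    findings = {}
    for app in ET.fromstring(xml_text).iter("appender"):
        if not app.get("class", "").endswith(".SMTPAppender"):
            continue
        enabled = (_prop(app, "sessionViaJNDI") or "false").lower()
        if enabled == "false":
            continue  # no JNDI lookup is configured for this appender
        location = _prop(app, "jndiLocation")
        if "${" in enabled or (location and "${" in location):
            findings[app.get("name")] = "REVIEW: value set by variable substitution"
        elif location is None or location.startswith("java:"):
            # Assumed policy: an unset or java: location is treated as local-only.
            findings[app.get("name")] = "OK: lookup stays in java: namespace"
        else:
            findings[app.get("name")] = "ALERT: jndiLocation outside java: namespace"
    return findings

if __name__ == "__main__":
    for name, finding in audit_smtp_appenders(SAMPLE_CONFIG).items():
        print(f"{name}: {finding}")
```

Entries reported as REVIEW need the substituted values checked at their source (system properties, environment or included files), since the XML alone does not show what the appender will resolve.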