We are migrating this Jira service to Github. Issue creation is no longer possible on this server and must be done on Github. However, you may browse issues without an account. Editing or commenting on existing issues requires an account.

Please support SLF4J/logback/reload4j projects via Github donations and sponsorship.

Details

    Description

      Hello friend! Similar to CVE-2021-4104, in logback's SMTPAppender, it is possible to override the configuration to enable sessionViaJNDI and specify jndiLocation as a malicious JNDI server, leading to JNDI injection and even RCE. More details are in the attached PDF.

      Attachments

        Activity

                  People

                    ceki Ceki Gülcü
                    Diggid Diggid
                    Votes: 0
                    Watchers: 2

                    Dates

                      Created:
                      Updated:
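
A defender-side check for the configuration described in the report, as an added example that is not part of the issue, its attachment or logback's own code: it scans a logback XML configuration for SMTPAppender entries that enable sessionViaJNDI and classifies where jndiLocation points. The sample configuration, the finding labels and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample logback.xml (not taken from the issue or its attachment).
SAMPLE_CONFIG = """<configuration>
  <appender name="MAIL_OK" class="ch.qos.logback.classic.net.SMTPAppender">
    <smtpHost>smtp.example.invalid</smtpHost>
  </appender>
  <appender name="MAIL_LOCAL_JNDI" class="ch.qos.logback.classic.net.SMTPAppender">
    <sessionViaJNDI>true</sessionViaJNDI>
    <jndiLocation>java:comp/env/mail/Session</jndiLocation>
  </appender>
  <appender name="MAIL_REMOTE_JNDI" class="ch.qos.logback.classic.net.SMTPAppender">
    <sessionViaJNDI>TRUE</sessionViaJNDI>
    <jndiLocation>ldap://directory.example.invalid/obj</jndiLocation>
  </appender>
  <appender name="MAIL_PROPERTY" class="ch.qos.logback.classic.net.SMTPAppender">
    <sessionViaJNDI>${mail.jndi}</sessionViaJNDI>
  </appender>
</configuration>"""

def _prop(appender, name):
    """Text of a direct child element; names compared case-insensitively to be conservative."""
    for child in appender:
        if child.tag.lower() == name.lower():
            return (child.text or "").strip()
    return None

def audit_smtp_appenders(xml_text):
    """Return (appender name, finding) for each SMTPAppender that may take its session from JNDI."""
    findings = []
    for app in ET.fromstring(xml_text).iter("appender"):
        if not app.get("class", "").endswith("SMTPAppender"):
            continue
        via_jndi = _prop(app, "sessionViaJNDI") or "false"
        location = _prop(app, "jndiLocation")
        if "${" in via_jndi:
            finding = "unresolved-variable"   # value comes from a property; check who can set it
        elif via_jndi.lower() != "true":
            continue                          # JNDI session lookup not enabled
        elif location is None or location.lower().startswith("java:"):
            finding = "local-jndi"            # no location given, or a java: name in the local namespace
        elif "${" in location:
            finding = "unresolved-variable"
        else:
            finding = "remote-jndi"           # e.g. an ldap:// or rmi:// lookup target
        findings.append((app.get("name"), finding))
    return findings

if __name__ == "__main__":
    print(audit_smtp_appenders(SAMPLE_CONFIG))
```

Run it only over configuration files from a trusted source; anything reported as `remote-jndi` or `unresolved-variable` deserves a look at who is able to change that value.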