Basic Information

| Field | Value |
|---|---|
| CVSS Score | - |
| CVE ID | - |
| GHSA ID | - |
| EPSS Score | - |
| CWE | - |
| Published | - |
| Updated | - |
| KEV Status | - |
| Technology | - |
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| ch.qos.logback:logback-core | maven | = 1.4.13 | 1.4.14 |
| ch.qos.logback:logback-core | maven | = 1.3.13 | 1.3.14 |
| ch.qos.logback:logback-core | maven | = 1.2.12 | 1.2.13 |
The root cause is that the HardenedObjectInputStream constructor never initializes its deserialization filter: the filter meant to vet what the stream deserializes exists, but nothing installs it, so every object on the wire is accepted. The fix commit (7018a36) adds the missing initObjectFilter() call to the constructor. The test case added with the fix deserializes a maliciously nested HashSet structure and shows that, without the call, the stream accepts it; deserializing such a structure forces exponential hashCode recomputation, which is the HashDoS condition. Because the fix is a single added call and the test exercises exactly that gap, the missing filter initialization is the root cause rather than a symptom.
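To make the failure mode concrete, the following stand-alone Java program (an added example written for this page, not logback's code) places an ObjectInputStream subclass whose constructor forgets to install its filter next to one that installs it, and feeds both a constructed nested-HashSet payload. Only the class name HardenedObjectInputStream and the method name initObjectFilter() come from the advisory above; UnfilteredInputStream, FilteredInputStream, ALLOWED, DEPTH_LIMIT, filter() and nestedHashSets() are assumed names for this illustration, and the filter body is this example's own, not a copy of logback's. It needs Java 9 or later for java.io.ObjectInputFilter.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.HashSet;
import java.util.Set;

public class FilterInitDemo {

    // Illustrative allow-list and depth bound (assumed values, not logback's).
    static final Set<String> ALLOWED = Set.of("java.lang.String", "java.util.HashSet");
    static final int DEPTH_LIMIT = 16;

    /** Vulnerable shape: a filter is defined for the class, but the constructor never installs it. */
    static class UnfilteredInputStream extends ObjectInputStream {
        UnfilteredInputStream(InputStream in) throws IOException {
            super(in);
            // initObjectFilter() is missing here, so any class at any nesting depth is accepted.
        }
    }

    /** Fixed shape: the filter is installed in the constructor, before the first readObject(). */
    static class FilteredInputStream extends ObjectInputStream {
        FilteredInputStream(InputStream in) throws IOException {
            super(in);
            initObjectFilter();
        }

        private void initObjectFilter() {
            setObjectInputFilter(FilterInitDemo::filter);
        }
    }

    /** Reject anything nested deeper than DEPTH_LIMIT or whose class is not on the allow-list. */
    static ObjectInputFilter.Status filter(ObjectInputFilter.FilterInfo info) {
        if (info.depth() > DEPTH_LIMIT) {
            return ObjectInputFilter.Status.REJECTED;
        }
        Class<?> clazz = info.serialClass();
        if (clazz == null) {
            // Back-reference handles and raw block data carry no class; let the stream decide.
            return ObjectInputFilter.Status.UNDECIDED;
        }
        while (clazz.isArray()) {
            clazz = clazz.getComponentType();
        }
        if (clazz.isPrimitive()) {
            return ObjectInputFilter.Status.ALLOWED;
        }
        return ALLOWED.contains(clazz.getName())
                ? ObjectInputFilter.Status.ALLOWED
                : ObjectInputFilter.Status.REJECTED;
    }

    /**
     * Constructed HashDoS payload: two interleaved chains of HashSets. Serializing it is cheap
     * (shared references become handles), but HashSet.readObject() recomputes hashCode() of each
     * nested set without caching, so deserialization work grows roughly as 2^depth.
     */
    static byte[] nestedHashSets(int depth) throws IOException {
        Set<Object> root = new HashSet<>();
        Set<Object> s1 = root;
        Set<Object> s2 = new HashSet<>();
        for (int i = 0; i < depth; i++) {
            Set<Object> t1 = new HashSet<>();
            Set<Object> t2 = new HashSet<>();
            t1.add("x"); // keeps t1 and t2 unequal so each parent stores both
            s1.add(t1); s1.add(t2);
            s2.add(t1); s2.add(t2);
            s1 = t1; s2 = t2;
        }
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(root);
        }
        return bos.toByteArray();
    }

    /** Deserializes one object and returns the wall-clock time taken, in milliseconds. */
    static long timeRead(ObjectInputStream ois) throws IOException, ClassNotFoundException {
        long start = System.nanoTime();
        ois.readObject();
        return (System.nanoTime() - start) / 1_000_000;
    }

    public static void main(String[] args) throws Exception {
        // Without the filter, each two extra levels roughly quadruples the time; depths are kept
        // small so the demo finishes. At depth 100 the unfiltered stream would never return.
        for (int depth : new int[] {16, 18, 20, 22}) {
            byte[] payload = nestedHashSets(depth);
            long ms = timeRead(new UnfilteredInputStream(new ByteArrayInputStream(payload)));
            System.out.printf("unfiltered depth=%d: %d ms%n", depth, ms);
        }
        // With the filter installed, the same payload is rejected as soon as nesting passes DEPTH_LIMIT,
        // before any of the expensive hashCode() recomputation happens.
        try {
            new FilteredInputStream(new ByteArrayInputStream(nestedHashSets(100))).readObject();
            System.out.println("filtered depth=100: accepted (unexpected)");
        } catch (InvalidClassException e) {
            System.out.println("filtered depth=100: rejected (" + e.getMessage() + ")");
        }
    }
}
```

The point of the side-by-side is that both subclasses carry the same filter logic; only the one-line constructor call differs, which is why a missing initObjectFilter() is easy to overlook in review and why a test that feeds a deep structure through every constructor is the right regression check.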