Added CVE-2017-5929 per issue victims#76

cplvic · Mar 15, 2017 · 14a593c · 14a593c
1 parent 3044d9b
commit 14a593c
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/database/java/2017/5929.yaml b/database/java/2017/5929.yaml
@@ -0,0 +1,15 @@
+cve: 2017-5929
+title: "QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components."
+description: >
+    QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
+cvss_v2: 7.5
+references:
+    - https://logback.qos.ch/news.html
+    - http://www.cvedetails.com/cve/CVE-2017-5929/
+affected:
+    - groupId: "ch.qos.logback"
+      artifactId: "logback-core"
+      version:
+        - "<=1.2.0"
+      fixedin:
+        - ">=1.2.0"