CVE-2023-6481 – Logback "receiver" DOS vulnerability CVE-2023-6378 incomplete fix

https://notcve.org/view.php?id=CVE-2023-6481

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. Una vulnerabilidad de serialización en el componente Logback Receiver. Las versiones 1.4.13, 1.3.13 y 1.2.12 de Logback permite a un atacante montar un ataque de denegación de servicio enviando datos envenenados. A flaw was found in the logback package. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via the logback receiver component. • https://logback.qos.ch/news.html#1.3.12 https://logback.qos.ch/news.html#1.3.14 https://access.redhat.com/security/cve/CVE-2023-6481 https://bugzilla.redhat.com/show_bug.cgi?id=2252956 • CWE-400: Uncontrolled Resource Consumption •