CVE-2023-6481 - Denial of Service (DoS)

Severity: None2024-02-19

Security Advisories

Abstract

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

The Oxygen products incorporate logback as a third-party libraries. This advisory was opened to address the potential impact of this third-party libraries vulnerability.

Affected Products/Versions

ProductSeverityFixed Release Availability
Oxygen Content Fusion v6.0 and olderNone N/A
Oxygen Feedback v4.0 and olderNone Oxygen Feedback 4.1 build 2024013118

Mitigation

None

Detail

CVE-2023-6481

Severity: High

CVSS Score: 7.5

The logback third-party libraries used by Oxygen XML products are an affected version mentioned in CVE-2023-6481 vulnerability description. However, Oxygen XML products do not use receiver component part of logback. For that reason, Oxygen XML products are not affected by this vulnerability.

List of Security Advisories