{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright © Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12798.json" } ], "title": "logback-core: arbitrary code execution via JaninoEventEvaluator", "tracking": { "current_release_date": "2025-02-07T06:13:00+00:00", "generator": { "date": "2025-02-07T06:13:00+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.3.0" } }, "id": "CVE-2024-12798", "initial_release_date": "2024-12-19T15:14:21.598000+00:00", "revision_history": [ { "date": "2024-12-19T15:14:21.598000+00:00", "number": "1", "summary": "Initial version" }, { "date": "2025-01-30T13:58:58+00:00", "number": "2", "summary": "Current version" }, { "date": "2025-02-07T06:13:00+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "AMQ Clients", "product": { "name": "AMQ Clients", "product_id": "amq_clients", "product_identification_helper": { "cpe": "cpe:/a:redhat:amq_clients:2023" } } } ], "category": "product_family", "name": "AMQ Clients" }, { "branches": [ { "category": "product_name", "name": "A-MQ Clients 2", "product": { "name": "A-MQ Clients 2", "product_id": "a-mq_clients_2", "product_identification_helper": { "cpe": "cpe:/a:redhat:a_mq_clients:2" } } } ], "category": "product_family", "name": "A-MQ Clients 2" }, { "branches": [ { "category": "product_name", "name": "Logging Subsystem for Red Hat OpenShift", "product": { "name": "Logging Subsystem for Red Hat OpenShift", "product_id": "logging_subsystem_for_red_hat_openshift", "product_identification_helper": { "cpe": "cpe:/a:redhat:logging:5" } } } ], "category": "product_family", "name": "Logging Subsystem for Red Hat OpenShift" }, { "branches": [ { "category": "product_name", "name": "Red Hat AMQ Broker 7", "product": { "name": "Red Hat AMQ Broker 7", "product_id": "red_hat_amq_broker_7", "product_identification_helper": { "cpe": "cpe:/a:redhat:amq_broker:7" } } } ], "category": "product_family", "name": "Red Hat AMQ Broker 7" }, { "branches": [ { "category": "product_name", "name": "Red Hat build of Apache Camel - HawtIO", "product": { "name": "Red Hat build of Apache Camel - HawtIO", "product_id": "red_hat_build_of_apache_camel_-_hawtio", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhboac_hawtio:4" } } } ], "category": "product_family", "name": "Red Hat build of Apache Camel - HawtIO" }, { "branches": [ { "category": "product_name", "name": "Red Hat build of Debezium", "product": { "name": "Red Hat build of Debezium", "product_id": "red_hat_build_of_debezium", "product_identification_helper": { "cpe": "cpe:/a:redhat:debezium:2" } } } ], "category": "product_family", "name": "Red Hat build of Debezium" }, { "branches": [ { "category": "product_name", "name": "Red Hat Build of Keycloak", "product": { "name": "Red Hat Build of Keycloak", "product_id": "red_hat_build_of_keycloak", "product_identification_helper": { "cpe": "cpe:/a:redhat:build_keycloak:" } } } ], "category": "product_family", "name": "Red Hat Build of Keycloak" }, { "branches": [ { "category": "product_name", "name": "Red Hat build of OptaPlanner 8", "product": { "name": "Red Hat build of OptaPlanner 8", "product_id": "red_hat_build_of_optaplanner_8", "product_identification_helper": { "cpe": "cpe:/a:redhat:optaplanner:::el6" } } } ], "category": "product_family", "name": "Red Hat build of OptaPlanner 8" }, { "branches": [ { "category": "product_name", "name": "Red Hat Data Grid 8", "product": { "name": "Red Hat Data Grid 8", "product_id": "red_hat_data_grid_8", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_data_grid:8" } } } ], "category": "product_family", "name": "Red Hat Data Grid 8" }, { "branches": [ { "category": "product_name", "name": "Red Hat Fuse 7", "product": { "name": "Red Hat Fuse 7", "product_id": "red_hat_fuse_7", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_fuse:7" } } } ], "category": "product_family", "name": "Red Hat Fuse 7" }, { "branches": [ { "category": "product_name", "name": "Red Hat Integration Camel K", "product": { "name": "Red Hat Integration Camel K", "product_id": "red_hat_integration_camel_k", "product_identification_helper": { "cpe": "cpe:/a:redhat:integration:1" } } } ], "category": "product_family", "name": "Red Hat Integration Camel K" }, { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Data Grid 7", "product": { "name": "Red Hat JBoss Data Grid 7", "product_id": "red_hat_jboss_data_grid_7", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_data_grid:7" } } } ], "category": "product_family", "name": "Red Hat JBoss Data Grid 7" }, { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7", "product_id": "red_hat_jboss_enterprise_application_platform_7", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform 7" }, { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 8", "product": { "name": "Red Hat JBoss Enterprise Application Platform 8", "product_id": "red_hat_jboss_enterprise_application_platform_8", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform 8" }, { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "product": { "name": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "product_id": "red_hat_jboss_enterprise_application_platform_expansion_pack", "product_identification_helper": { "cpe": "cpe:/a:redhat:jbosseapxp" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform Expansion Pack" }, { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Web Server 6", "product": { "name": "Red Hat JBoss Web Server 6", "product_id": "red_hat_jboss_web_server_6", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6" } } } ], "category": "product_family", "name": "Red Hat JBoss Web Server 6" }, { "branches": [ { "category": "product_name", "name": "Red Hat Process Automation 7", "product": { "name": "Red Hat Process Automation 7", "product_id": "red_hat_process_automation_7", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" } } } ], "category": "product_family", "name": "Red Hat Process Automation 7" }, { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7", "product": { "name": "Red Hat Single Sign-On 7", "product_id": "red_hat_single_sign-on_7", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On 7" }, { "branches": [ { "category": "product_name", "name": "streams for Apache Kafka", "product": { "name": "streams for Apache Kafka", "product_id": "streams_for_apache_kafka", "product_identification_helper": { "cpe": "cpe:/a:redhat:amq_streams:1" } } } ], "category": "product_family", "name": "streams for Apache Kafka" }, { "branches": [ { "category": "product_name", "name": "Red Hat build of Apache Camel 4.8.3 for Spring Boot", "product": { "name": "Red Hat build of Apache Camel 4.8.3 for Spring Boot", "product_id": "Red Hat build of Apache Camel 4.8.3 for Spring Boot", "product_identification_helper": { "cpe": "cpe:/a:redhat:apache_camel_spring_boot:4.8.3" } } } ], "category": "product_family", "name": "Red Hat Build of Apache Camel" }, { "category": "product_version", "name": "ch.qos.logback/logback-core", "product": { "name": "ch.qos.logback/logback-core", "product_id": "ch.qos.logback/logback-core" } } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ch.qos.logback/logback-core as a component of A-MQ Clients 2", "product_id": "a-mq_clients_2:ch.qos.logback/logback-core" }, "product_reference": "ch.qos.logback/logback-core", "relates_to_product_reference": "a-mq_clients_2" }, { "category": "default_component_of", "full_product_name": { "name": "ch.qos.logback/logback-core as a component of AMQ Clients", "product_id": "amq_clients:ch.qos.logback/logback-core" }, "product_reference": "ch.qos.logback/logback-core", "relates_to_product_reference": "amq_clients" }, { "category": "default_component_of", "full_product_name": { "name": "ch.qos.logback/logback-core as a component of Logging Subsystem for Red Hat OpenShift", "product_id": "logging_subsystem_for_red_hat_openshift:ch.qos.logback/logback-core" }, "product_reference": "ch.qos.logback/logback-core", "relates_to_product_reference": "logging_subsystem_for_red_hat_openshift" }, { "category": "default_component_of", "full_product_name": { "name": "ch.qos.logback/logback-core as a component of Red Hat AMQ Broker 7", "product_id": "red_hat_amq_broker_7:ch.qos.logback/logback-core" }, "product_reference": "ch.qos.logback/logback-core", "relates_to_product_reference": "red_hat_amq_broker_7" }, { "category": "default_component_of", "full_product_name": { "name": "ch.qos.logback/logback-core as a component of Red Hat build of Apache Camel - HawtIO", "product_id": "red_hat_build_of_apache_camel_-_hawtio:ch.qos.logback/logback-core" }, "product_reference": "ch.qos.logback/logback-core", "relates_to_product_reference": "red_hat_build_of_apache_camel_-_hawtio" }, { "category": "default_component_of", "full_product_name": { "name": "ch.qos.logback/logback-core as a component of Red Hat build of Debezium", "product_id": "red_hat_build_of_debezium:ch.qos.logback/logback-core" }, "product_reference": "ch.qos.logback/logback-core", "relates_to_product_reference": "red_hat_build_of_debezium" }, { "category": "default_component_of", "full_product_name": { "name": "ch.qos.logback/logback-core as a component of Red Hat Build of Keycloak", "product_id": "red_hat_build_of_keycloak:ch.qos.logback/logback-core" }, "product_reference": "ch.qos.logback/logback-core", "relates_to_product_reference": "red_hat_build_of_keycloak" }, { "category": "default_component_of", "full_product_name": { "name": "ch.qos.logback/logback-core as a component of Red Hat build of OptaPlanner 8", "product_id": "red_hat_build_of_optaplanner_8:ch.qos.logback/logback-core" }, "product_reference": "ch.qos.logback/logback-core", "relates_to_product_reference": "red_hat_build_of_optaplanner_8" }, { "category": "default_component_of", "full_product_name": { "name": "ch.qos.logback/logback-core as a component of Red Hat Data Grid 8", "product_id": "red_hat_data_grid_8:ch.qos.logback/logback-core" }, "product_reference": "ch.qos.logback/logback-core", "relates_to_product_reference": "red_hat_data_grid_8" }, { "category": "default_component_of", "full_product_name": { "name": "ch.qos.logback/logback-core as a component of Red Hat Fuse 7", "product_id": "red_hat_fuse_7:ch.qos.logback/logback-core" }, "product_reference": "ch.qos.logback/logback-core", "relates_to_product_reference": "red_hat_fuse_7" }, { "category": "default_component_of", "full_product_name": { "name": "ch.qos.logback/logback-core as a component of Red Hat Integration Camel K", "product_id": "red_hat_integration_camel_k:ch.qos.logback/logback-core" }, "product_reference": "ch.qos.logback/logback-core", "relates_to_product_reference": "red_hat_integration_camel_k" }, { "category": "default_component_of", "full_product_name": { "name": "ch.qos.logback/logback-core as a component of Red Hat JBoss Data Grid 7", "product_id": "red_hat_jboss_data_grid_7:ch.qos.logback/logback-core" }, "product_reference": "ch.qos.logback/logback-core", "relates_to_product_reference": "red_hat_jboss_data_grid_7" }, { "category": "default_component_of", "full_product_name": { "name": "ch.qos.logback/logback-core as a component of Red Hat JBoss Enterprise Application Platform 7", "product_id": "red_hat_jboss_enterprise_application_platform_7:ch.qos.logback/logback-core" }, "product_reference": "ch.qos.logback/logback-core", "relates_to_product_reference": "red_hat_jboss_enterprise_application_platform_7" }, { "category": "default_component_of", "full_product_name": { "name": "ch.qos.logback/logback-core as a component of Red Hat JBoss Enterprise Application Platform 8", "product_id": "red_hat_jboss_enterprise_application_platform_8:ch.qos.logback/logback-core" }, "product_reference": "ch.qos.logback/logback-core", "relates_to_product_reference": "red_hat_jboss_enterprise_application_platform_8" }, { "category": "default_component_of", "full_product_name": { "name": "ch.qos.logback/logback-core as a component of Red Hat JBoss Enterprise Application Platform Expansion Pack", "product_id": "red_hat_jboss_enterprise_application_platform_expansion_pack:ch.qos.logback/logback-core" }, "product_reference": "ch.qos.logback/logback-core", "relates_to_product_reference": "red_hat_jboss_enterprise_application_platform_expansion_pack" }, { "category": "default_component_of", "full_product_name": { "name": "ch.qos.logback/logback-core as a component of Red Hat JBoss Web Server 6", "product_id": "red_hat_jboss_web_server_6:ch.qos.logback/logback-core" }, "product_reference": "ch.qos.logback/logback-core", "relates_to_product_reference": "red_hat_jboss_web_server_6" }, { "category": "default_component_of", "full_product_name": { "name": "ch.qos.logback/logback-core as a component of Red Hat Process Automation 7", "product_id": "red_hat_process_automation_7:ch.qos.logback/logback-core" }, "product_reference": "ch.qos.logback/logback-core", "relates_to_product_reference": "red_hat_process_automation_7" }, { "category": "default_component_of", "full_product_name": { "name": "ch.qos.logback/logback-core as a component of Red Hat Single Sign-On 7", "product_id": "red_hat_single_sign-on_7:ch.qos.logback/logback-core" }, "product_reference": "ch.qos.logback/logback-core", "relates_to_product_reference": "red_hat_single_sign-on_7" }, { "category": "default_component_of", "full_product_name": { "name": "ch.qos.logback/logback-core as a component of streams for Apache Kafka", "product_id": "streams_for_apache_kafka:ch.qos.logback/logback-core" }, "product_reference": "ch.qos.logback/logback-core", "relates_to_product_reference": "streams_for_apache_kafka" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-12798", "cwe": { "id": "CWE-917", "name": "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')" }, "discovery_date": "2024-12-19T16:00:57.497241+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "red_hat_jboss_enterprise_application_platform_7:ch.qos.logback/logback-core", "red_hat_jboss_enterprise_application_platform_8:ch.qos.logback/logback-core", "red_hat_jboss_enterprise_application_platform_expansion_pack:ch.qos.logback/logback-core", "red_hat_jboss_web_server_6:ch.qos.logback/logback-core" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2333351" } ], "notes": [ { "category": "description", "text": "A flaw was found in Logback. This flaw allows a privileged attacker with write access to modify Logback configuration files or inject a malicious environment variable to execute arbitrary code via the JaninoEventEvaluator extension.", "title": "Vulnerability description" }, { "category": "summary", "text": "logback-core: arbitrary code execution via JaninoEventEvaluator", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 4.8.3 for Spring Boot" ], "known_affected": [ "a-mq_clients_2:ch.qos.logback/logback-core", "amq_clients:ch.qos.logback/logback-core", "logging_subsystem_for_red_hat_openshift:ch.qos.logback/logback-core", "red_hat_amq_broker_7:ch.qos.logback/logback-core", "red_hat_build_of_apache_camel_-_hawtio:ch.qos.logback/logback-core", "red_hat_build_of_debezium:ch.qos.logback/logback-core", "red_hat_build_of_keycloak:ch.qos.logback/logback-core", "red_hat_build_of_optaplanner_8:ch.qos.logback/logback-core", "red_hat_data_grid_8:ch.qos.logback/logback-core", "red_hat_fuse_7:ch.qos.logback/logback-core", "red_hat_integration_camel_k:ch.qos.logback/logback-core", "red_hat_jboss_data_grid_7:ch.qos.logback/logback-core", "red_hat_process_automation_7:ch.qos.logback/logback-core", "red_hat_single_sign-on_7:ch.qos.logback/logback-core", "streams_for_apache_kafka:ch.qos.logback/logback-core" ], "known_not_affected": [ "red_hat_jboss_enterprise_application_platform_7:ch.qos.logback/logback-core", "red_hat_jboss_enterprise_application_platform_8:ch.qos.logback/logback-core", "red_hat_jboss_enterprise_application_platform_expansion_pack:ch.qos.logback/logback-core", "red_hat_jboss_web_server_6:ch.qos.logback/logback-core" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-12798" }, { "category": "external", "summary": "RHBZ#2333351", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333351" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-12798", "url": "https://www.cve.org/CVERecord?id=CVE-2024-12798" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12798", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12798" }, { "category": "external", "summary": "https://logback.qos.ch/news.html#1.5.13", "url": "https://logback.qos.ch/news.html#1.5.13" } ], "release_date": "2024-12-19T15:14:21.598000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-02-05T13:53:20+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 4.8.3 for Spring Boot" ], "url": "https://access.redhat.com/errata/RHSA-2025:1078" }, { "category": "no_fix_planned", "details": "Out of support scope", "product_ids": [ "red_hat_fuse_7:ch.qos.logback/logback-core" ] }, { "category": "no_fix_planned", "details": "Will not fix", "product_ids": [ "red_hat_build_of_debezium:ch.qos.logback/logback-core", "red_hat_data_grid_8:ch.qos.logback/logback-core" ] }, { "category": "none_available", "details": "Affected", "product_ids": [ "a-mq_clients_2:ch.qos.logback/logback-core", "amq_clients:ch.qos.logback/logback-core", "logging_subsystem_for_red_hat_openshift:ch.qos.logback/logback-core", "red_hat_amq_broker_7:ch.qos.logback/logback-core", "red_hat_build_of_apache_camel_-_hawtio:ch.qos.logback/logback-core", "red_hat_build_of_keycloak:ch.qos.logback/logback-core", "red_hat_build_of_optaplanner_8:ch.qos.logback/logback-core", "red_hat_integration_camel_k:ch.qos.logback/logback-core", "red_hat_jboss_data_grid_7:ch.qos.logback/logback-core", "red_hat_process_automation_7:ch.qos.logback/logback-core", "red_hat_single_sign-on_7:ch.qos.logback/logback-core", "streams_for_apache_kafka:ch.qos.logback/logback-core" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 4.8.3 for Spring Boot", "a-mq_clients_2:ch.qos.logback/logback-core", "amq_clients:ch.qos.logback/logback-core", "logging_subsystem_for_red_hat_openshift:ch.qos.logback/logback-core", "red_hat_amq_broker_7:ch.qos.logback/logback-core", "red_hat_build_of_apache_camel_-_hawtio:ch.qos.logback/logback-core", "red_hat_build_of_debezium:ch.qos.logback/logback-core", "red_hat_build_of_keycloak:ch.qos.logback/logback-core", "red_hat_build_of_optaplanner_8:ch.qos.logback/logback-core", "red_hat_data_grid_8:ch.qos.logback/logback-core", "red_hat_fuse_7:ch.qos.logback/logback-core", "red_hat_integration_camel_k:ch.qos.logback/logback-core", "red_hat_jboss_data_grid_7:ch.qos.logback/logback-core", "red_hat_jboss_enterprise_application_platform_7:ch.qos.logback/logback-core", "red_hat_jboss_enterprise_application_platform_8:ch.qos.logback/logback-core", "red_hat_jboss_enterprise_application_platform_expansion_pack:ch.qos.logback/logback-core", "red_hat_jboss_web_server_6:ch.qos.logback/logback-core", "red_hat_process_automation_7:ch.qos.logback/logback-core", "red_hat_single_sign-on_7:ch.qos.logback/logback-core", "streams_for_apache_kafka:ch.qos.logback/logback-core" ] } ], "threats": [ { "category": "impact", "details": "Moderate", "product_ids": [ "Red Hat build of Apache Camel 4.8.3 for Spring Boot", "a-mq_clients_2:ch.qos.logback/logback-core", "amq_clients:ch.qos.logback/logback-core", "logging_subsystem_for_red_hat_openshift:ch.qos.logback/logback-core", "red_hat_amq_broker_7:ch.qos.logback/logback-core", "red_hat_build_of_apache_camel_-_hawtio:ch.qos.logback/logback-core", "red_hat_build_of_debezium:ch.qos.logback/logback-core", "red_hat_build_of_keycloak:ch.qos.logback/logback-core", "red_hat_build_of_optaplanner_8:ch.qos.logback/logback-core", "red_hat_data_grid_8:ch.qos.logback/logback-core", "red_hat_fuse_7:ch.qos.logback/logback-core", "red_hat_integration_camel_k:ch.qos.logback/logback-core", "red_hat_jboss_data_grid_7:ch.qos.logback/logback-core", "red_hat_jboss_enterprise_application_platform_7:ch.qos.logback/logback-core", "red_hat_jboss_enterprise_application_platform_8:ch.qos.logback/logback-core", "red_hat_jboss_enterprise_application_platform_expansion_pack:ch.qos.logback/logback-core", "red_hat_jboss_web_server_6:ch.qos.logback/logback-core", "red_hat_process_automation_7:ch.qos.logback/logback-core", "red_hat_single_sign-on_7:ch.qos.logback/logback-core", "streams_for_apache_kafka:ch.qos.logback/logback-core" ] } ], "title": "logback-core: arbitrary code execution via JaninoEventEvaluator" } ] }