Unknown · Logback-Core · CVE-2025-11226
**Name of the Vulnerable Software and Affected Versions**
logback-core versions up to and including 1.5.18
**Description**
A flaw exists in the conditional configuration file processing within logback-core, potentially allowing an attacker to execute arbitrary code. This is possible by compromising an existing logback configuration file or injecting a malicious environment variable before program execution. Successful exploitation requires the presence of the Janino library and the Spring Framework on the user's class path, as well as write access to a configuration file or the ability to inject a malicious environment variable. The issue involves the `QOS.CH` component.
**Recommendations**
Update logback-core to a version later than 1.5.18.
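An added example (not from this advisory or the logback project): a Python check that takes a list of class-path jar names and reports whether the class-path preconditions in the description hold, namely a logback-core version up to and including 1.5.18 together with Janino and Spring. It assumes Maven-style `artifact-version.jar` file names, treats any `spring-*` jar as Spring being present, and runs on constructed sample jar names.

```python
import re

LAST_AFFECTED = (1, 5, 18)  # "up to and including 1.5.18", per the advisory

# Assumption: Maven-style names, e.g. logback-core-1.5.18.jar or foo-1.0-SNAPSHOT.jar
JAR_RE = re.compile(
    r"^(?P<artifact>[A-Za-z][\w.-]*?)-(?P<version>\d+(?:\.\d+)*)(?:[.-][\w.-]+)?\.jar$"
)


def parse_jar(path):
    """Return (artifact, numeric version tuple), or None if the name does not fit."""
    name = re.split(r"[\\/]", path)[-1]
    m = JAR_RE.match(name)
    if not m:
        return None
    return m["artifact"], tuple(int(p) for p in m["version"].split("."))


def assess_classpath(jars):
    """Check only the class-path preconditions named in the advisory."""
    affected, janino, spring = [], False, False
    for jar in jars:
        parsed = parse_jar(jar)
        if parsed is None:
            continue
        artifact, version = parsed
        if artifact == "logback-core" and version <= LAST_AFFECTED:
            affected.append(jar)
        elif artifact == "janino":
            janino = True
        elif artifact.startswith("spring-"):  # assumption: any spring-* jar counts
            spring = True
    return {
        "affected_logback": affected,  # update these regardless of the other flags
        "janino": janino,
        "spring": spring,
        "exposed": bool(affected) and janino and spring,
    }


# Constructed sample class path (file names and versions are illustrative).
SAMPLE = [
    "lib/logback-core-1.5.18.jar",
    "lib/logback-classic-1.5.18.jar",
    "lib/janino-3.1.12.jar",
    "lib/spring-core-6.1.14.jar",
]

if __name__ == "__main__":
    print(assess_classpath(SAMPLE))
```

The check does not cover the other condition in the description (write access to a configuration file or the ability to inject an environment variable), so a jar listed under `affected_logback` should be updated even when `exposed` is false.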