Logback · Logback · CVE-2021-42550
**Name of the Vulnerable Software and Affected Versions**
logback versions 1.2.7 and prior
**Description**
The issue lies in the deserialization mechanism used when the logback library processes its configuration, and can be exploited by an attacker who already holds the privileges needed to edit those configuration files. A crafted configuration could cause arbitrary code to be loaded from an LDAP server and executed.
**Recommendations**
For logback versions 1.2.7 and prior, the recommended fix is to upgrade to version 1.2.8 and disable all of the lookup code. As a temporary workaround, restrict access to the configuration files so they cannot be edited maliciously. Disabling the use of LDAP servers for code loading also reduces the risk of exploitation until the issue is fully resolved.
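To act on the upgrade recommendation you first need to know where the affected versions are in your dependency graph. The script below is an added example, not part of this advisory or of the logback project: it scans lines in the format printed by `mvn dependency:list` (groupId:artifactId:packaging:version:scope, an assumption about the input) and flags any `ch.qos.logback` artifact at or below 1.2.7. The sample dependency lines are constructed for illustration.

```python
"""Flag logback artifacts affected by CVE-2021-42550 (versions 1.2.7 and prior).

Added example, not code from the advisory or from logback. Input lines are assumed
to follow `mvn dependency:list` output: groupId:artifactId:packaging:version:scope.
"""
import re

LOGBACK_GROUP = "ch.qos.logback"
VULNERABLE_MAX = (1, 2, 7)  # per the advisory: this version and everything below

# Matches the Maven coordinate anywhere in a line; the scope suffix is optional.
COORD_RE = re.compile(r"([\w.\-]+):([\w.\-]+):[\w\-]+:([\w.\-]+)(?::\w+)?")

# Constructed sample of dependency:list output (not real project output).
SAMPLE_DEPENDENCY_LIST = [
    "[INFO]    ch.qos.logback:logback-classic:jar:1.2.7:compile",
    "[INFO]    ch.qos.logback:logback-core:jar:1.2.7:compile",
    "[INFO]    org.slf4j:slf4j-api:jar:1.7.32:compile",
    "[INFO]    ch.qos.logback:logback-access:jar:1.2.8:compile",
]


def parse_version(version):
    """Reduce '1.2.7' or '1.3.0-alpha10' to a tuple of its leading numeric parts.

    Parsing stops at the first non-numeric qualifier so that pre-release strings
    still compare by their numeric prefix instead of raising.
    """
    parts = []
    for segment in version.split("."):
        match = re.match(r"\d+", segment)
        if not match:
            break
        parts.append(int(match.group()))
        if match.end() != len(segment):  # a qualifier like '0-alpha10' ends parsing
            break
    return tuple(parts)


def is_vulnerable(version):
    """True when the version is 1.2.7 or older (tuple comparison, prefix-aware)."""
    return parse_version(version) <= VULNERABLE_MAX


def find_vulnerable_logback(lines):
    """Return (artifactId, version) pairs for affected logback coordinates."""
    findings = []
    for line in lines:
        match = COORD_RE.search(line)
        if not match:
            continue
        group_id, artifact_id, version = match.groups()
        if group_id == LOGBACK_GROUP and is_vulnerable(version):
            findings.append((artifact_id, version))
    return findings


if __name__ == "__main__":
    for artifact, version in find_vulnerable_logback(SAMPLE_DEPENDENCY_LIST):
        print(f"AFFECTED: {LOGBACK_GROUP}:{artifact}:{version} -> upgrade to 1.2.8")
```

Feed it real output with `mvn dependency:list | python check_logback.py` after replacing the constructed sample with `sys.stdin`; the version comparison is tuple-based so that `1.2.10` is correctly ranked above `1.2.8`, which a plain string comparison would get wrong.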