PT-2023-32684 · Atlassian · Confluence+2

Camilo Aparecido Ferri Moreira · Published 2023-12-04 · Updated 2025-10-03 · CVE-2023-6481

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

logback versions 1.2.12 through 1.4.13
Bitbucket Data Center and Server versions 7.21.0 through 8.16.0
Confluence Data Center and Server versions 6.0.1 through 8.7.1

Description

A serialization vulnerability in the logback receiver component allows an attacker to mount a denial-of-service attack by sending poisoned data. This issue has no impact on confidentiality, no impact on integrity, but a high impact on availability, and requires no user interaction.

Recommendations

For logback versions 1.2.12 through 1.4.13, upgrade to a version later than 1.4.13.
For Bitbucket Data Center and Server version 7.21, upgrade to a release greater than or equal to 7.21.19.
For Bitbucket Data Center and Server version 8.9, upgrade to a release greater than or equal to 8.9.9.
For Bitbucket Data Center and Server version 8.13, upgrade to a release greater than or equal to 8.13.5.
For Bitbucket Data Center and Server version 8.14, upgrade to a release greater than or equal to 8.14.4.
For Bitbucket Data Center version 8.15, upgrade to a release greater than or equal to 8.15.3.
For Bitbucket Data Center version 8.16, upgrade to a release greater than or equal to 8.16.2.
For Confluence Data Center, upgrade to the latest version, or to one of the specified supported fixed versions.
For Confluence Server, upgrade to the latest 8.5.x LTS version, or to one of the specified supported fixed versions.


Related identifiers

CVE-2023-6481
GHSA-GM62-RW4G-VRC4
OESA-2023-1946
OPENSUSE-SU-2025:15597-1

Affected products

Bitbucket
Bitbucket Server
Confluence