CVE-2023-6481: 
Java vulnerability analysis and mitigation

A serialization vulnerability was discovered in the logback receiver component affecting logback versions 1.4.13, 1.3.13, and 1.2.12. The vulnerability was assigned CVE-2023-6481 and was publicly disclosed on December 4, 2023. The affected component allows an attacker to mount a Denial-of-Service attack by sending poisoned data (NVD, MITRE).

The vulnerability exists in the logback receiver component and is related to improper handling of serialized data. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The attack vector is network-accessible, requires low complexity, needs no privileges or user interaction, and has a high impact on availability (Ubuntu).

The primary impact of this vulnerability is on system availability. When successfully exploited, an attacker can cause a Denial-of-Service condition in the affected logback receiver component. The vulnerability affects the availability of the system while maintaining no impact on confidentiality or integrity (Ubuntu).

The vulnerability has been fixed in logback versions 1.3.14, 1.4.14, and 1.2.13. Users are strongly encouraged to upgrade to these versions or later to address the vulnerability. The fixes have been backported to the 1.2.x branch and require Java 9 or later to be effective (Logback News).