QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
https://logback.qos.ch/news.html
https://access.redhat.com/errata/RHSA-2018:2927
https://access.redhat.com/errata/RHSA-2017:1832