QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
https://access.redhat.com/errata/RHSA-2017:1675
https://access.redhat.com/errata/RHSA-2017:1676
https://access.redhat.com/errata/RHSA-2017:1832