
[ https://jira.qos.ch/browse/SLF4J-451?page=com.atlassian.jira.plugin.system.i... ]

Kevin Wilson commented on SLF4J-451:
------------------------------------
It is irrelevant whether the vulnerability is really neither critical nor severe.
Agreed!!! Very nice account as to why this bug should be fixed and soon! Also, the primary maintainers need to include vulnerability scanning in their build pipeline to catch things like this before they are committed. The open source tools to have your code scanned on every build exist and are quite good; you simply have to use them.

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.
--------------------------------------------------------------------------------

Key: SLF4J-451
URL: https://jira.qos.ch/browse/SLF4J-451
Project: SLF4J
Issue Type: Bug
Components: slf4j-ext
Affects Versions: 1.8.0-beta2
Environment: Linux
Reporter: Narayan
Assignee: SLF4J developers list
Labels: logging

More details are available in [https://nvd.nist.gov/vuln/detail/CVE-2018-8088|https://nvd.nist.gov/vuln/detail/CVE-2018-8088#VulnChangeHistorySection]

--
This message was sent by Atlassian JIRA (v7.3.1#73012)