[ https://jira.qos.ch/browse/SLF4J-451?page=com.atlassian.jira.plugin.system.i... ] Igor Stepanov commented on SLF4J-451: ------------------------------------- Same is reproducible for {{1.7.25}}. It's detected by {{org.owasp:dependency-check-maven:check}} maven command. We get next output after the check: {code} slf4j-api-1.7.25.jar (org.slf4j:slf4j-api:1.7.25, cpe:/a:slf4j:slf4j:1.7.25) : CVE-2018-8088 {code}
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. -------------------------------------------------------------------------------------------------------------------------------------------------------------------
Key: SLF4J-451 URL: https://jira.qos.ch/browse/SLF4J-451 Project: SLF4J Issue Type: Bug Components: slf4j-ext Affects Versions: 1.8.0-beta2 Environment: Linux Reporter: Narayan Assignee: SLF4J developers list Labels: logging
More details is available in [https://nvd.nist.gov/vuln/detail/CVE-2018-8088|https://nvd.nist.gov/vuln/detail/CVE-2018-8088#VulnChangeHistorySection]
-- This message was sent by Atlassian JIRA (v7.3.1#73012)