[slf4j-dev] [JIRA] (SLF4J-451) org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.

4 Feb 2019


      [ https://jira.qos.ch/browse/SLF4J-451?page=com.atlassian.jira.plugin.system.i... ] 

Ceki Gülcü commented on SLF4J-451:
----------------------------------

The vulnerability is actually not severe.
...
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
Key: SLF4J-451
                URL: https://jira.qos.ch/browse/SLF4J-451
            Project: SLF4J
         Issue Type: Bug
         Components: slf4j-ext
   Affects Versions: 1.8.0-beta2
        Environment: Linux 
           Reporter: Narayan
           Assignee: SLF4J developers list
             Labels: logging
More details is available in [https://nvd.nist.gov/vuln/detail/CVE-2018-8088|https://nvd.nist.gov/vuln/detail/CVE-2018-8088#VulnChangeHistorySection]
--
This message was sent by Atlassian JIRA
(v7.3.1#73012)

[slf4j-dev] [JIRA] (SLF4J-451) org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.

QOS.CH (JIRA)