[slf4j-dev] [JIRA] (SLF4J-451) org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.

QOS.CH (JIRA) noreply-jira at qos.ch
Tue Feb 19 09:15:00 CET 2019


    [ https://jira.qos.ch/browse/SLF4J-451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=19432#comment-19432 ] 

Federico Fissore commented on SLF4J-451:
----------------------------------------

Please check again, it's available now. Between deploy to central and public availability, maven servers have to sync and that may take some hours

> org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SLF4J-451
>                 URL: https://jira.qos.ch/browse/SLF4J-451
>             Project: SLF4J
>          Issue Type: Bug
>          Components: slf4j-ext
>    Affects Versions: 1.8.0-beta2
>         Environment: Linux 
>            Reporter: Narayan
>            Assignee: SLF4J developers list
>              Labels: logging
>
> More details is available in [https://nvd.nist.gov/vuln/detail/CVE-2018-8088|https://nvd.nist.gov/vuln/detail/CVE-2018-8088#VulnChangeHistorySection]



--
This message was sent by Atlassian JIRA
(v7.3.1#73012)


More information about the slf4j-dev mailing list