Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

CVE-2018-8088 affecting slf4j <= before 1.8.0-beta2 #5

Open
cdanger opened this issue Dec 21, 2018 · 0 comments
Open

CVE-2018-8088 affecting slf4j <= before 1.8.0-beta2 #5

cdanger opened this issue Dec 21, 2018 · 0 comments
Assignees
@cdanger
Labels
security

Comments

@cdanger
Copy link
Member

cdanger commented Dec 21, 2018

Vulnerability reported by owasp dependency-check on slf4j-api dependency:

jul-to-slf4j-1.7.25.jar (org.slf4j:jul-to-slf4j:1.7.25, cpe:/a:slf4j:slf4j:1.7.25) : CVE-2018-8088
log4j-over-slf4j-1.7.25.jar (org.slf4j:log4j-over-slf4j:1.7.25, cpe:/a:slf4j:slf4j:1.7.25) : CVE-2018-8088
slf4j-api-1.7.25.jar (org.slf4j:slf4j-api:1.7.25, cpe:/a:slf4j:slf4j:1.7.25) : CVE-2018-8088
jcl-over-slf4j-1.7.25.jar (org.slf4j:jcl-over-slf4j:1.7.25, cpe:/a:slf4j:slf4j:1.7.25) : CVE-2018-8088

Fix it with the next stable release of slf4j-api (as of writing: 1.8.0-beta2).
@cdanger cdanger self-assigned this Dec 21, 2018
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@cdanger cdanger

Labels
security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cdanger