exploitDog

GHSA-w77p-8cfg-2x43

Published: May 13, 2022
Source: github
Github: Reviewed
CVSS3: 9.8

Description

Improper Access Control in SLF4J

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta4 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J has been fixed in SLF4J version 1.7.26 and later and in the 2.0.x series.

Note that while the fix commit is associated with the tag 1.8.0-beta3, the versions in Maven go directly from 1.8.0-beta2 to 1.8.0-beta4.

Packages

Name: org.slf4j:slf4j-ext (maven)
Affected versions: <= 1.7.25
Fixed version: 1.7.26

Name: org.slf4j:slf4j-ext (maven)
Affected versions: >= 1.8.0-alpha0, <= 1.8.0-beta2
Fixed version: 1.8.0-beta4

EPSS

Percentile: 74%
0.00836
Low

CVSS3: 9.8 Critical

Weaknesses

CWE-284

Related vulnerabilities

CVSS3: 9.8
ubuntu
more than 7 years ago

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.

CVSS3: 8.1
redhat
more than 7 years ago

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.

CVSS3: 9.8
nvd
more than 7 years ago

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.

CVSS3: 9.8
debian
more than 7 years ago

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before ...

suse-cvrf
more than 7 years ago

Security update for slf4j
