Tal Ron created TINKERPOP-3050:
----------------------------------
Summary: severity security vulnerability in logback-core
Key: TINKERPOP-3050
URL: https://issues.apache.org/jira/browse/TINKERPOP-3050
Project: TinkerPop
Issue Type: Bug
Components: console
Affects Versions: 3.6.6
Reporter: Tal Ron
used logback-core version is: 1.2.11-
[CVE-2023-6378|https://github.com/advisories/GHSA-vmq6-5m68-f53m]
[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6378]
[https://github.com/advisories/GHSA-vmq6-5m68-f53m]
I see that even latest v1.2.13 has security issue:
[https://mvnrepository.com/artifact/ch.qos.logback/logback-core]
1.3.12, 1.3.14, 1.4.12 and latest 1.4.14 are currently safe
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
