[ https://jira.qos.ch/browse/SLF4J-451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=19422#comment-19422 ]

Kevin Wilson commented on SLF4J-451:
------------------------------------

>> It is irrelevant whether the vulnerability is really neither critical nor 
>> severe.

Agreed!!! Very nice account as to why this bug should be fixed and soon! Also, 
the primary maintainers need to include vulnerability scanning in their build 
pipeline to catch things like this before they are committed. The open source 
tools to have your code scanned on every build exist and are quite good; you 
simply have to use them.

> org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 
> 1.8.0-beta2 allows remote attackers to bypass intended access restrictions 
> via crafted data.
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SLF4J-451
>                 URL: https://jira.qos.ch/browse/SLF4J-451
>             Project: SLF4J
>          Issue Type: Bug
>          Components: slf4j-ext
>    Affects Versions: 1.8.0-beta2
>         Environment: Linux 
>            Reporter: Narayan
>            Assignee: SLF4J developers list
>              Labels: logging
>
> More details are available in 
> [https://nvd.nist.gov/vuln/detail/CVE-2018-8088|https://nvd.nist.gov/vuln/detail/CVE-2018-8088#VulnChangeHistorySection]



--
This message was sent by Atlassian JIRA
(v7.3.1#73012)
_______________________________________________
slf4j-dev mailing list
slf4j-dev@qos.ch
http://mailman.qos.ch/mailman/listinfo/slf4j-dev
