[MAVEN:GHSA-W77P-8CFG-2X43] Improper Access Control in SLF4J
Severity: Critical
Affected Packages: 2
Fixed Packages: 2
CVEs: 1
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta4 allows remote attackers to bypass intended access restrictions via crafted data. The issue in EventData has been fixed in SLF4J version 1.7.26 and later and in the 2.0.x series.
Note that while the fix commit is associated with the tag 1.8.0-beta3, the versions in Maven go directly from 1.8.0-beta2 to 1.8.0-beta4.
Package | Affected Version |
---|---|
pkg:maven/org.slf4j/slf4j-ext | >= 1.8.0-alpha0, <= 1.8.0-beta2 |
pkg:maven/org.slf4j/slf4j-ext | <= 1.7.25 |
Package | Fixed Version |
---|---|
pkg:maven/org.slf4j/slf4j-ext | = 1.8.0-beta4 |
pkg:maven/org.slf4j/slf4j-ext | = 1.7.26 |
- ID: MAVEN:GHSA-W77P-8CFG-2X43
- Severity: critical
- URL: https://github.com/advisories/GHSA-w77p-8cfg-2x43
- Published: 2022-05-13T01:04:09
- Modified: 2023-12-29T00:13:58
- Rights: Maven Security Team
- Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.slf4j/slf4j-ext | org.slf4j | slf4j-ext | >= 1.8.0-alpha0 <= 1.8.0-beta2 | | | |
Fixed | pkg:maven/org.slf4j/slf4j-ext | org.slf4j | slf4j-ext | = 1.8.0-beta4 | | | |
Affected | pkg:maven/org.slf4j/slf4j-ext | org.slf4j | slf4j-ext | <= 1.7.25 | | | |
Fixed | pkg:maven/org.slf4j/slf4j-ext | org.slf4j | slf4j-ext | = 1.7.26 | | | |