CVE-2018-8088
ADVISORY - githubSummary
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta4 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J version 1.7.26 and later and in the 2.0.x series.
Note that while the fix commit is associated with the tag 1.8.0-beta3, the versions in Maven go directly from 1.8.0-beta2 to 1.8.0-beta4.
EPSS Score: 0.00836 (0.737)
Common Weakness Enumeration (CWE)
ADVISORY - nist
ADVISORY - github
Improper Access Control
ADVISORY - gitlab
ADVISORY - redhat
Deserialization of Untrusted Data
NIST
CREATED
UPDATED
ADVISORY IDCVE-2018-8088
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
9.8criticalGitHub
CREATED
UPDATED
ADVISORY IDGHSA-w77p-8cfg-2x43
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
9.8criticalDebian
CREATED
UPDATED
ADVISORY IDCVE-2018-8088
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AlowUbuntu
CREATED
UPDATED
ADVISORY IDCVE-2018-8088
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
9.8mediumAmazon
CREATED
UPDATED
ADVISORY IDALAS2-2018-999
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AhighRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2018-8088
EXPLOITABILITY SCORE
2.2
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
8.1highOracle
CREATED
UPDATED
ADVISORY IDELSA-2018-0592
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-