CVE-2018-8088
ADVISORY - githubSummary
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta4
allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J version 1.7.26
and later and in the 2.0.x
series.
Note that while the fix commit is associated with the tag 1.8.0-beta3
, the versions in Maven go directly from 1.8.0-beta2
to 1.8.0-beta4
.
EPSS Score: 0.00836 (0.736)
Common Weakness Enumeration (CWE)
ADVISORY - nist
ADVISORY - github
Improper Access Control
ADVISORY - gitlab
ADVISORY - redhat
Deserialization of Untrusted Data
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in