Vulnerability-Lookup

GHSA-W77P-8CFG-2X43

Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-06-29 18:51

Summary

Improper Access Control in SLF4J

Details

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta4 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J version 1.7.26 and later and in the 2.0.x series.

Note that while the fix commit is associated with the tag 1.8.0-beta3, the versions in Maven go directly from 1.8.0-beta2 to 1.8.0-beta4.

Severity

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.7.25"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.slf4j:slf4j-ext"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.7.26"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.8.0-beta2"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.slf4j:slf4j-ext"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.8.0-alpha0"
            },
            {
              "fixed": "1.8.0-beta4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-8088"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-29T18:51:39Z",
    "nvd_published_at": "2018-03-20T16:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before `1.8.0-beta4` allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J version `1.7.26` and later and in the `2.0.x` series.\n\nNote that while the [fix commit](https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405) is associated with the tag `1.8.0-beta3`, the versions in [Maven](https://mvnrepository.com/artifact/org.slf4j/slf4j-ext) go directly from `1.8.0-beta2` to `1.8.0-beta4`.",
  "id": "GHSA-w77p-8cfg-2x43",
  "modified": "2022-06-29T18:51:39Z",
  "published": "2022-05-13T01:04:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088"
    },
    {
      "type": "WEB",
      "url": "https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc378b97d52856f9f3c5ced14771fed8357e4187a3a0f9a2f0515931a@%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc378b97d52856f9f3c5ced14771fed8357e4187a3a0f9a2f0515931a%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/raabf1a00b2652575fca9fcb44166a828a0cab97a7d1594001eabc991@%3Ccommon-issues.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/raabf1a00b2652575fca9fcb44166a828a0cab97a7d1594001eabc991%40%3Ccommon-issues.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9e25496608036573736cee484d8d03dae400f09e443b0000b6adc042@%3Ccommits.iotdb.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9e25496608036573736cee484d8d03dae400f09e443b0000b6adc042%40%3Ccommits.iotdb.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r99a6552e45ca6ba1082031421f51799a4a665eda905ab2c2aa9d6ffa@%3Cdev.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r99a6552e45ca6ba1082031421f51799a4a665eda905ab2c2aa9d6ffa%40%3Cdev.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf@%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r891761d5014f9ffd79d9737482de832462de538b6c4bdcef21aad729@%3Cissues.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r891761d5014f9ffd79d9737482de832462de538b6c4bdcef21aad729%40%3Cissues.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r81711cde77c2c5742b7b8533c978e79771b700af0ef4d3149d70df25@%3Cnotifications.logging.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r81711cde77c2c5742b7b8533c978e79771b700af0ef4d3149d70df25%40%3Cnotifications.logging.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0@%3Ccommon-issues.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0%40%3Ccommon-issues.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5cf87a035b297c19f4043a37b73c341576dd92f819bd3e4aa27de541@%3Cissues.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5cf87a035b297c19f4043a37b73c341576dd92f819bd3e4aa27de541%40%3Cissues.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r573eb577a67503e72181eee637d9b0ac042197e632bcdfce76af06a3@%3Cissues.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r573eb577a67503e72181eee637d9b0ac042197e632bcdfce76af06a3%40%3Cissues.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r48247c12cf652e95a01fc94ee5aa8641f3ec481235774790e53eb55e@%3Creviews.iotdb.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://www.slf4j.org/news.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20231227-0010"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264@%3Ccommon-issues.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264%40%3Ccommon-issues.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rfb45527bad7220ada9e30957762e1da254ce405e67cc3ddf6f3558d9@%3Creviews.iotdb.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rfb45527bad7220ada9e30957762e1da254ce405e67cc3ddf6f3558d9%40%3Creviews.iotdb.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf58e1bee31d66665437dde9acd9abed53f8483034b69fa9ca7cde09c@%3Cdev.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf58e1bee31d66665437dde9acd9abed53f8483034b69fa9ca7cde09c%40%3Cdev.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/reb3eeb985afdead17fadb7c33d5d472c1015a85ea5c9b038ec77f378@%3Ccommon-dev.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/reb3eeb985afdead17fadb7c33d5d472c1015a85ea5c9b038ec77f378%40%3Ccommon-dev.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re6fb6b0de9d679310437ff87fc94e39da5a14dce9c73864a41837462@%3Ccommon-commits.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re6fb6b0de9d679310437ff87fc94e39da5a14dce9c73864a41837462%40%3Ccommon-commits.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd86db9679150e9297b5c0fcb6f0e80a8b81b54fcf423de5a914bca78@%3Ccommon-commits.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd86db9679150e9297b5c0fcb6f0e80a8b81b54fcf423de5a914bca78%40%3Ccommon-commits.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc7de83170d3402af15bfed3d59f80aea20f250535bdce30e4cad24db@%3Cissues.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc7de83170d3402af15bfed3d59f80aea20f250535bdce30e4cad24db%40%3Cissues.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2669"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2420"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2419"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2143"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1575"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1525"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1451"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1450"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1449"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1448"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1447"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1323"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1251"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1249"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1248"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1247"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0630"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0629"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0628"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0627"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0592"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0582"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r48247c12cf652e95a01fc94ee5aa8641f3ec481235774790e53eb55e%40%3Creviews.iotdb.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r37644f0a00aca9fbcbc21c0f9a91f927b63153ec3607be469cd515e5@%3Creviews.iotdb.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r37644f0a00aca9fbcbc21c0f9a91f927b63153ec3607be469cd515e5%40%3Creviews.iotdb.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r32be21da011479df41468a62bc09d12f0d3b4e3a71679d33cb0e8c56@%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r32be21da011479df41468a62bc09d12f0d3b4e3a71679d33cb0e8c56%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r2d05924f903403927a2f4e78d9b1249a42f0bd09f69a7c1954d74a42@%3Creviews.iotdb.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r2d05924f903403927a2f4e78d9b1249a42f0bd09f69a7c1954d74a42%40%3Creviews.iotdb.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r17e7e6abc53d29c0e269153517d36f4bec2755b95900596e6df15cbe@%3Cnotifications.iotdb.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r17e7e6abc53d29c0e269153517d36f4bec2755b95900596e6df15cbe%40%3Cnotifications.iotdb.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r1660c72a660f0522947ca6ce329dcc74e1ee20c58bbe208472754489@%3Ccommon-issues.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r1660c72a660f0522947ca6ce329dcc74e1ee20c58bbe208472754489%40%3Ccommon-issues.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r0f376559fd39cf1a53ac3afbc1fc5d62649dcac9916d4697445a94fa@%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r0f376559fd39cf1a53ac3afbc1fc5d62649dcac9916d4697445a94fa%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa@%3Cdevnull.infra.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa%40%3Cdevnull.infra.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f@%3Cdevnull.infra.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f%40%3Cdevnull.infra.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://jira.qos.ch/browse/SLF4J-431"
    },
    {
      "type": "WEB",
      "url": "https://jira.qos.ch/browse/SLF4J-430"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3140"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2413"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2930"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103737"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040627"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Access Control in SLF4J"
}

CVE-2018-8088 (GCVE-0-2018-8088)

Vulnerability from cvelistv5 – Published: 2018-03-20 00:00 – Updated: 2024-08-05 06:46

Summary

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

63 references

URL	Tags
https://access.redhat.com/errata/RHSA-2018:1448	vendor-advisory
http://www.securitytracker.com/id/1040627	vdb-entry
https://access.redhat.com/errata/RHSA-2018:1449	vendor-advisory
https://jira.qos.ch/browse/SLF4J-431
https://access.redhat.com/errata/RHSA-2018:1248	vendor-advisory
https://access.redhat.com/errata/RHSA-2018:1251	vendor-advisory
https://access.redhat.com/errata/RHSA-2018:2143	vendor-advisory
https://access.redhat.com/errata/RHSA-2018:1450	vendor-advisory
https://access.redhat.com/errata/RHSA-2018:2669	vendor-advisory
https://access.redhat.com/errata/RHSA-2018:1323	vendor-advisory
https://access.redhat.com/errata/RHSA-2018:2420	vendor-advisory
https://access.redhat.com/errata/RHSA-2018:0630	vendor-advisory
https://access.redhat.com/errata/RHSA-2018:1525	vendor-advisory
https://access.redhat.com/errata/RHSA-2018:1575	vendor-advisory
https://access.redhat.com/errata/RHSA-2018:1451	vendor-advisory
https://access.redhat.com/errata/RHSA-2018:0629	vendor-advisory
https://access.redhat.com/errata/RHSA-2018:0628	vendor-advisory
https://access.redhat.com/errata/RHSA-2018:0582	vendor-advisory
http://www.securityfocus.com/bid/103737	vdb-entry
https://access.redhat.com/errata/RHSA-2018:2419	vendor-advisory
https://access.redhat.com/errata/RHSA-2018:1447	vendor-advisory
https://access.redhat.com/errata/RHSA-2018:1247	vendor-advisory
https://access.redhat.com/errata/RHSA-2018:0627	vendor-advisory
https://access.redhat.com/errata/RHSA-2018:2930	vendor-advisory
https://access.redhat.com/errata/RHSA-2018:1249	vendor-advisory
https://access.redhat.com/errata/RHSA-2018:0592	vendor-advisory
https://lists.apache.org/thread.html/956ba8e76b67…	mailing-list
https://lists.apache.org/thread.html/95ce76613c86…	mailing-list
https://access.redhat.com/errata/RHSA-2019:2413	vendor-advisory
https://access.redhat.com/errata/RHSA-2019:3140	vendor-advisory
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advis…
https://jira.qos.ch/browse/SLF4J-430
https://github.com/qos-ch/slf4j/commit/d2b27fba88…
https://lists.apache.org/thread.html/reb3eeb985af…	mailing-list
https://lists.apache.org/thread.html/raabf1a00b26…	mailing-list
https://lists.apache.org/thread.html/r767861f053c…	mailing-list
https://lists.apache.org/thread.html/rfe52b7cbba4…	mailing-list
https://lists.apache.org/thread.html/rd86db967915…	mailing-list
https://lists.apache.org/thread.html/r1660c72a660…	mailing-list
https://lists.apache.org/thread.html/re6fb6b0de9d…	mailing-list
https://lists.apache.org/thread.html/r81711cde77c…	mailing-list
https://www.oracle.com/security-alerts/cpuoct2020.html
https://lists.apache.org/thread.html/rd0e44e8ef71…	mailing-list
https://lists.apache.org/thread.html/r9584c4304c8…	mailing-list
https://lists.apache.org/thread.html/r17e7e6abc53…	mailing-list
https://lists.apache.org/thread.html/r37644f0a00a…	mailing-list
https://lists.apache.org/thread.html/r2d05924f903…	mailing-list
https://lists.apache.org/thread.html/r48247c12cf6…	mailing-list
https://lists.apache.org/thread.html/r0f376559fd3…	mailing-list
https://lists.apache.org/thread.html/r32be21da011…	mailing-list
https://lists.apache.org/thread.html/rf58e1bee31d…	mailing-list
https://lists.apache.org/thread.html/rc378b97d528…	mailing-list
https://lists.apache.org/thread.html/rfb45527bad7…	mailing-list
https://lists.apache.org/thread.html/r9e254966080…	mailing-list
https://lists.apache.org/thread.html/r99a6552e45c…	mailing-list
https://lists.apache.org/thread.html/r573eb577a67…	mailing-list
https://lists.apache.org/thread.html/r891761d5014…	mailing-list
https://lists.apache.org/thread.html/rc7de83170d3…	mailing-list
https://lists.apache.org/thread.html/r5cf87a035b2…	mailing-list
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.slf4j.org/news.html
https://security.netapp.com/advisory/ntap-2023122…

Date Public

2018-03-20 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:12.940Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:1448",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1448"
          },
          {
            "name": "1040627",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040627"
          },
          {
            "name": "RHSA-2018:1449",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1449"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.qos.ch/browse/SLF4J-431"
          },
          {
            "name": "RHSA-2018:1248",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1248"
          },
          {
            "name": "RHSA-2018:1251",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1251"
          },
          {
            "name": "RHSA-2018:2143",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2143"
          },
          {
            "name": "RHSA-2018:1450",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1450"
          },
          {
            "name": "RHSA-2018:2669",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2669"
          },
          {
            "name": "RHSA-2018:1323",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1323"
          },
          {
            "name": "RHSA-2018:2420",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2420"
          },
          {
            "name": "RHSA-2018:0630",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0630"
          },
          {
            "name": "RHSA-2018:1525",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1525"
          },
          {
            "name": "RHSA-2018:1575",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1575"
          },
          {
            "name": "RHSA-2018:1451",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1451"
          },
          {
            "name": "RHSA-2018:0629",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0629"
          },
          {
            "name": "RHSA-2018:0628",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0628"
          },
          {
            "name": "RHSA-2018:0582",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0582"
          },
          {
            "name": "103737",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103737"
          },
          {
            "name": "RHSA-2018:2419",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2419"
          },
          {
            "name": "RHSA-2018:1447",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1447"
          },
          {
            "name": "RHSA-2018:1247",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1247"
          },
          {
            "name": "RHSA-2018:0627",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0627"
          },
          {
            "name": "RHSA-2018:2930",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2930"
          },
          {
            "name": "RHSA-2018:1249",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1249"
          },
          {
            "name": "RHSA-2018:0592",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0592"
          },
          {
            "name": "[infra-devnull] 20190321 [GitHub] [tika] dadoonet opened pull request #268: Update slf4j to 1.8.0-beta4",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f%40%3Cdevnull.infra.apache.org%3E"
          },
          {
            "name": "[infra-devnull] 20190321 [GitHub] [tika] grossws commented on issue #268: Update slf4j to 1.8.0-beta4",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa%40%3Cdevnull.infra.apache.org%3E"
          },
          {
            "name": "RHSA-2019:2413",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2413"
          },
          {
            "name": "RHSA-2019:3140",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3140"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.qos.ch/browse/SLF4J-430"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405"
          },
          {
            "name": "[hadoop-common-dev] 20200824 [jira] [Created] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/reb3eeb985afdead17fadb7c33d5d472c1015a85ea5c9b038ec77f378%40%3Ccommon-dev.hadoop.apache.org%3E"
          },
          {
            "name": "[hadoop-common-issues] 20200824 [jira] [Created] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/raabf1a00b2652575fca9fcb44166a828a0cab97a7d1594001eabc991%40%3Ccommon-issues.hadoop.apache.org%3E"
          },
          {
            "name": "[hadoop-common-issues] 20200824 [jira] [Updated] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0%40%3Ccommon-issues.hadoop.apache.org%3E"
          },
          {
            "name": "[hadoop-common-issues] 20200824 [jira] [Commented] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264%40%3Ccommon-issues.hadoop.apache.org%3E"
          },
          {
            "name": "[hadoop-common-commits] 20200824 [hadoop] branch branch-3.3 updated: HADOOP-17220. Upgrade slf4j to 1.7.30 ( To Address: CVE-2018-8088). Contributed by Brahma Reddy Battula.",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd86db9679150e9297b5c0fcb6f0e80a8b81b54fcf423de5a914bca78%40%3Ccommon-commits.hadoop.apache.org%3E"
          },
          {
            "name": "[hadoop-common-issues] 20200824 [jira] [Updated] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Address: CVE-2018-8088)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1660c72a660f0522947ca6ce329dcc74e1ee20c58bbe208472754489%40%3Ccommon-issues.hadoop.apache.org%3E"
          },
          {
            "name": "[hadoop-common-commits] 20200824 [hadoop] branch trunk updated: HADOOP-17220. Upgrade slf4j to 1.7.30 ( To Address: CVE-2018-8088). Contributed by Brahma Reddy Battula.",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re6fb6b0de9d679310437ff87fc94e39da5a14dce9c73864a41837462%40%3Ccommon-commits.hadoop.apache.org%3E"
          },
          {
            "name": "[logging-notifications] 20200825 [jira] [Commented] (LOG4J2-2329) Fix dependency in log4j-slf4j-impl to slf4j due to CVE-2018-8088",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r81711cde77c2c5742b7b8533c978e79771b700af0ef4d3149d70df25%40%3Cnotifications.logging.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210127 [GitHub] [pulsar] GLouMcK opened a new issue #9347: Security Vulnerabilities - Black Duck Scan",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[iotdb-notifications] 20210325 [jira] [Created] (IOTDB-1258) jcl-over-slf4j have Security Vulnerabilities CVE-2018-8088",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r17e7e6abc53d29c0e269153517d36f4bec2755b95900596e6df15cbe%40%3Cnotifications.iotdb.apache.org%3E"
          },
          {
            "name": "[iotdb-reviews] 20210325 [GitHub] [iotdb] wangchao316 opened a new pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r37644f0a00aca9fbcbc21c0f9a91f927b63153ec3607be469cd515e5%40%3Creviews.iotdb.apache.org%3E"
          },
          {
            "name": "[iotdb-reviews] 20210327 [GitHub] [iotdb] wangchao316 closed pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2d05924f903403927a2f4e78d9b1249a42f0bd09f69a7c1954d74a42%40%3Creviews.iotdb.apache.org%3E"
          },
          {
            "name": "[iotdb-reviews] 20210327 [GitHub] [iotdb] wangchao316 opened a new pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r48247c12cf652e95a01fc94ee5aa8641f3ec481235774790e53eb55e%40%3Creviews.iotdb.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210327 [jira] [Created] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0f376559fd39cf1a53ac3afbc1fc5d62649dcac9916d4697445a94fa%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210327 [jira] [Updated] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r32be21da011479df41468a62bc09d12f0d3b4e3a71679d33cb0e8c56%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-dev] 20210327 [jira] [Created] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf58e1bee31d66665437dde9acd9abed53f8483034b69fa9ca7cde09c%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210328 [jira] [Commented] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc378b97d52856f9f3c5ced14771fed8357e4187a3a0f9a2f0515931a%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[iotdb-reviews] 20210328 [GitHub] [iotdb] HTHou merged pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfb45527bad7220ada9e30957762e1da254ce405e67cc3ddf6f3558d9%40%3Creviews.iotdb.apache.org%3E"
          },
          {
            "name": "[iotdb-commits] 20210328 [iotdb] branch master updated: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088 (#2906)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9e25496608036573736cee484d8d03dae400f09e443b0000b6adc042%40%3Ccommits.iotdb.apache.org%3E"
          },
          {
            "name": "[flink-dev] 20210720 [jira] [Created] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r99a6552e45ca6ba1082031421f51799a4a665eda905ab2c2aa9d6ffa%40%3Cdev.flink.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20210720 [jira] [Created] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r573eb577a67503e72181eee637d9b0ac042197e632bcdfce76af06a3%40%3Cissues.flink.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20210721 [jira] [Commented] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r891761d5014f9ffd79d9737482de832462de538b6c4bdcef21aad729%40%3Cissues.flink.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20210725 [jira] [Commented] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc7de83170d3402af15bfed3d59f80aea20f250535bdce30e4cad24db%40%3Cissues.flink.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20210804 [jira] [Closed] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5cf87a035b297c19f4043a37b73c341576dd92f819bd3e4aa27de541%40%3Cissues.flink.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.slf4j.org/news.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231227-0010/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-03-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-27T15:06:37.054Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2018:1448",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1448"
        },
        {
          "name": "1040627",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1040627"
        },
        {
          "name": "RHSA-2018:1449",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1449"
        },
        {
          "url": "https://jira.qos.ch/browse/SLF4J-431"
        },
        {
          "name": "RHSA-2018:1248",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1248"
        },
        {
          "name": "RHSA-2018:1251",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1251"
        },
        {
          "name": "RHSA-2018:2143",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2143"
        },
        {
          "name": "RHSA-2018:1450",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1450"
        },
        {
          "name": "RHSA-2018:2669",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2669"
        },
        {
          "name": "RHSA-2018:1323",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1323"
        },
        {
          "name": "RHSA-2018:2420",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2420"
        },
        {
          "name": "RHSA-2018:0630",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0630"
        },
        {
          "name": "RHSA-2018:1525",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1525"
        },
        {
          "name": "RHSA-2018:1575",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1575"
        },
        {
          "name": "RHSA-2018:1451",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1451"
        },
        {
          "name": "RHSA-2018:0629",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0629"
        },
        {
          "name": "RHSA-2018:0628",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0628"
        },
        {
          "name": "RHSA-2018:0582",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0582"
        },
        {
          "name": "103737",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/103737"
        },
        {
          "name": "RHSA-2018:2419",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2419"
        },
        {
          "name": "RHSA-2018:1447",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1447"
        },
        {
          "name": "RHSA-2018:1247",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1247"
        },
        {
          "name": "RHSA-2018:0627",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0627"
        },
        {
          "name": "RHSA-2018:2930",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2930"
        },
        {
          "name": "RHSA-2018:1249",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1249"
        },
        {
          "name": "RHSA-2018:0592",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0592"
        },
        {
          "name": "[infra-devnull] 20190321 [GitHub] [tika] dadoonet opened pull request #268: Update slf4j to 1.8.0-beta4",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f%40%3Cdevnull.infra.apache.org%3E"
        },
        {
          "name": "[infra-devnull] 20190321 [GitHub] [tika] grossws commented on issue #268: Update slf4j to 1.8.0-beta4",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa%40%3Cdevnull.infra.apache.org%3E"
        },
        {
          "name": "RHSA-2019:2413",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2413"
        },
        {
          "name": "RHSA-2019:3140",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3140"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "url": "https://jira.qos.ch/browse/SLF4J-430"
        },
        {
          "url": "https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405"
        },
        {
          "name": "[hadoop-common-dev] 20200824 [jira] [Created] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/reb3eeb985afdead17fadb7c33d5d472c1015a85ea5c9b038ec77f378%40%3Ccommon-dev.hadoop.apache.org%3E"
        },
        {
          "name": "[hadoop-common-issues] 20200824 [jira] [Created] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/raabf1a00b2652575fca9fcb44166a828a0cab97a7d1594001eabc991%40%3Ccommon-issues.hadoop.apache.org%3E"
        },
        {
          "name": "[hadoop-common-issues] 20200824 [jira] [Updated] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0%40%3Ccommon-issues.hadoop.apache.org%3E"
        },
        {
          "name": "[hadoop-common-issues] 20200824 [jira] [Commented] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264%40%3Ccommon-issues.hadoop.apache.org%3E"
        },
        {
          "name": "[hadoop-common-commits] 20200824 [hadoop] branch branch-3.3 updated: HADOOP-17220. Upgrade slf4j to 1.7.30 ( To Address: CVE-2018-8088). Contributed by Brahma Reddy Battula.",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rd86db9679150e9297b5c0fcb6f0e80a8b81b54fcf423de5a914bca78%40%3Ccommon-commits.hadoop.apache.org%3E"
        },
        {
          "name": "[hadoop-common-issues] 20200824 [jira] [Updated] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Address: CVE-2018-8088)",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r1660c72a660f0522947ca6ce329dcc74e1ee20c58bbe208472754489%40%3Ccommon-issues.hadoop.apache.org%3E"
        },
        {
          "name": "[hadoop-common-commits] 20200824 [hadoop] branch trunk updated: HADOOP-17220. Upgrade slf4j to 1.7.30 ( To Address: CVE-2018-8088). Contributed by Brahma Reddy Battula.",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/re6fb6b0de9d679310437ff87fc94e39da5a14dce9c73864a41837462%40%3Ccommon-commits.hadoop.apache.org%3E"
        },
        {
          "name": "[logging-notifications] 20200825 [jira] [Commented] (LOG4J2-2329) Fix dependency in log4j-slf4j-impl to slf4j due to CVE-2018-8088",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r81711cde77c2c5742b7b8533c978e79771b700af0ef4d3149d70df25%40%3Cnotifications.logging.apache.org%3E"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20210127 [GitHub] [pulsar] GLouMcK opened a new issue #9347: Security Vulnerabilities - Black Duck Scan",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[iotdb-notifications] 20210325 [jira] [Created] (IOTDB-1258) jcl-over-slf4j have Security Vulnerabilities CVE-2018-8088",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r17e7e6abc53d29c0e269153517d36f4bec2755b95900596e6df15cbe%40%3Cnotifications.iotdb.apache.org%3E"
        },
        {
          "name": "[iotdb-reviews] 20210325 [GitHub] [iotdb] wangchao316 opened a new pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r37644f0a00aca9fbcbc21c0f9a91f927b63153ec3607be469cd515e5%40%3Creviews.iotdb.apache.org%3E"
        },
        {
          "name": "[iotdb-reviews] 20210327 [GitHub] [iotdb] wangchao316 closed pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r2d05924f903403927a2f4e78d9b1249a42f0bd09f69a7c1954d74a42%40%3Creviews.iotdb.apache.org%3E"
        },
        {
          "name": "[iotdb-reviews] 20210327 [GitHub] [iotdb] wangchao316 opened a new pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r48247c12cf652e95a01fc94ee5aa8641f3ec481235774790e53eb55e%40%3Creviews.iotdb.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210327 [jira] [Created] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r0f376559fd39cf1a53ac3afbc1fc5d62649dcac9916d4697445a94fa%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210327 [jira] [Updated] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r32be21da011479df41468a62bc09d12f0d3b4e3a71679d33cb0e8c56%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-dev] 20210327 [jira] [Created] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rf58e1bee31d66665437dde9acd9abed53f8483034b69fa9ca7cde09c%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210328 [jira] [Commented] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rc378b97d52856f9f3c5ced14771fed8357e4187a3a0f9a2f0515931a%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[iotdb-reviews] 20210328 [GitHub] [iotdb] HTHou merged pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rfb45527bad7220ada9e30957762e1da254ce405e67cc3ddf6f3558d9%40%3Creviews.iotdb.apache.org%3E"
        },
        {
          "name": "[iotdb-commits] 20210328 [iotdb] branch master updated: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088 (#2906)",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r9e25496608036573736cee484d8d03dae400f09e443b0000b6adc042%40%3Ccommits.iotdb.apache.org%3E"
        },
        {
          "name": "[flink-dev] 20210720 [jira] [Created] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r99a6552e45ca6ba1082031421f51799a4a665eda905ab2c2aa9d6ffa%40%3Cdev.flink.apache.org%3E"
        },
        {
          "name": "[flink-issues] 20210720 [jira] [Created] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r573eb577a67503e72181eee637d9b0ac042197e632bcdfce76af06a3%40%3Cissues.flink.apache.org%3E"
        },
        {
          "name": "[flink-issues] 20210721 [jira] [Commented] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r891761d5014f9ffd79d9737482de832462de538b6c4bdcef21aad729%40%3Cissues.flink.apache.org%3E"
        },
        {
          "name": "[flink-issues] 20210725 [jira] [Commented] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rc7de83170d3402af15bfed3d59f80aea20f250535bdce30e4cad24db%40%3Cissues.flink.apache.org%3E"
        },
        {
          "name": "[flink-issues] 20210804 [jira] [Closed] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r5cf87a035b297c19f4043a37b73c341576dd92f819bd3e4aa27de541%40%3Cissues.flink.apache.org%3E"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://www.slf4j.org/news.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231227-0010/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-8088",
    "datePublished": "2018-03-20T00:00:00.000Z",
    "dateReserved": "2018-03-13T00:00:00.000Z",
    "dateUpdated": "2024-08-05T06:46:12.940Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-W77P-8CFG-2X43

CVE-2018-8088 (GCVE-0-2018-8088)

Tags

Sightings

Nomenclature