9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.022 Low
EPSS
Percentile
89.3%
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta4
allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J version 1.7.26
and later and in the 2.0.x
series.
Note that while the fix commit is associated with the tag 1.8.0-beta3
, the versions in Maven go directly from 1.8.0-beta2
to 1.8.0-beta4
.
www.securityfocus.com/bid/103737
www.securitytracker.com/id/1040627
access.redhat.com/errata/RHSA-2018:0582
access.redhat.com/errata/RHSA-2018:0592
access.redhat.com/errata/RHSA-2018:0627
access.redhat.com/errata/RHSA-2018:0628
access.redhat.com/errata/RHSA-2018:0629
access.redhat.com/errata/RHSA-2018:0630
access.redhat.com/errata/RHSA-2018:1247
access.redhat.com/errata/RHSA-2018:1248
access.redhat.com/errata/RHSA-2018:1249
access.redhat.com/errata/RHSA-2018:1251
access.redhat.com/errata/RHSA-2018:1323
access.redhat.com/errata/RHSA-2018:1447
access.redhat.com/errata/RHSA-2018:1448
access.redhat.com/errata/RHSA-2018:1449
access.redhat.com/errata/RHSA-2018:1450
access.redhat.com/errata/RHSA-2018:1451
access.redhat.com/errata/RHSA-2018:1525
access.redhat.com/errata/RHSA-2018:1575
access.redhat.com/errata/RHSA-2018:2143
access.redhat.com/errata/RHSA-2018:2419
access.redhat.com/errata/RHSA-2018:2420
access.redhat.com/errata/RHSA-2018:2669
access.redhat.com/errata/RHSA-2018:2930
access.redhat.com/errata/RHSA-2019:2413
access.redhat.com/errata/RHSA-2019:3140
github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405
jira.qos.ch/browse/SLF4J-430
jira.qos.ch/browse/SLF4J-431
lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f%40%3Cdevnull.infra.apache.org%3E
lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f@%3Cdevnull.infra.apache.org%3E
lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa%40%3Cdevnull.infra.apache.org%3E
lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa@%3Cdevnull.infra.apache.org%3E
lists.apache.org/thread.html/r0f376559fd39cf1a53ac3afbc1fc5d62649dcac9916d4697445a94fa%40%3Cissues.zookeeper.apache.org%3E
lists.apache.org/thread.html/r0f376559fd39cf1a53ac3afbc1fc5d62649dcac9916d4697445a94fa@%3Cissues.zookeeper.apache.org%3E
lists.apache.org/thread.html/r1660c72a660f0522947ca6ce329dcc74e1ee20c58bbe208472754489%40%3Ccommon-issues.hadoop.apache.org%3E
lists.apache.org/thread.html/r1660c72a660f0522947ca6ce329dcc74e1ee20c58bbe208472754489@%3Ccommon-issues.hadoop.apache.org%3E
lists.apache.org/thread.html/r17e7e6abc53d29c0e269153517d36f4bec2755b95900596e6df15cbe%40%3Cnotifications.iotdb.apache.org%3E
lists.apache.org/thread.html/r17e7e6abc53d29c0e269153517d36f4bec2755b95900596e6df15cbe@%3Cnotifications.iotdb.apache.org%3E
lists.apache.org/thread.html/r2d05924f903403927a2f4e78d9b1249a42f0bd09f69a7c1954d74a42%40%3Creviews.iotdb.apache.org%3E
lists.apache.org/thread.html/r2d05924f903403927a2f4e78d9b1249a42f0bd09f69a7c1954d74a42@%3Creviews.iotdb.apache.org%3E
lists.apache.org/thread.html/r32be21da011479df41468a62bc09d12f0d3b4e3a71679d33cb0e8c56%40%3Cissues.zookeeper.apache.org%3E
lists.apache.org/thread.html/r32be21da011479df41468a62bc09d12f0d3b4e3a71679d33cb0e8c56@%3Cissues.zookeeper.apache.org%3E
lists.apache.org/thread.html/r37644f0a00aca9fbcbc21c0f9a91f927b63153ec3607be469cd515e5%40%3Creviews.iotdb.apache.org%3E
lists.apache.org/thread.html/r37644f0a00aca9fbcbc21c0f9a91f927b63153ec3607be469cd515e5@%3Creviews.iotdb.apache.org%3E
lists.apache.org/thread.html/r48247c12cf652e95a01fc94ee5aa8641f3ec481235774790e53eb55e%40%3Creviews.iotdb.apache.org%3E
lists.apache.org/thread.html/r48247c12cf652e95a01fc94ee5aa8641f3ec481235774790e53eb55e@%3Creviews.iotdb.apache.org%3E
lists.apache.org/thread.html/r573eb577a67503e72181eee637d9b0ac042197e632bcdfce76af06a3%40%3Cissues.flink.apache.org%3E
lists.apache.org/thread.html/r573eb577a67503e72181eee637d9b0ac042197e632bcdfce76af06a3@%3Cissues.flink.apache.org%3E
lists.apache.org/thread.html/r5cf87a035b297c19f4043a37b73c341576dd92f819bd3e4aa27de541%40%3Cissues.flink.apache.org%3E
lists.apache.org/thread.html/r5cf87a035b297c19f4043a37b73c341576dd92f819bd3e4aa27de541@%3Cissues.flink.apache.org%3E
lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0%40%3Ccommon-issues.hadoop.apache.org%3E
lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0@%3Ccommon-issues.hadoop.apache.org%3E
lists.apache.org/thread.html/r81711cde77c2c5742b7b8533c978e79771b700af0ef4d3149d70df25%40%3Cnotifications.logging.apache.org%3E
lists.apache.org/thread.html/r81711cde77c2c5742b7b8533c978e79771b700af0ef4d3149d70df25@%3Cnotifications.logging.apache.org%3E
lists.apache.org/thread.html/r891761d5014f9ffd79d9737482de832462de538b6c4bdcef21aad729%40%3Cissues.flink.apache.org%3E
lists.apache.org/thread.html/r891761d5014f9ffd79d9737482de832462de538b6c4bdcef21aad729@%3Cissues.flink.apache.org%3E
lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf%40%3Ccommits.pulsar.apache.org%3E
lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf@%3Ccommits.pulsar.apache.org%3E
lists.apache.org/thread.html/r99a6552e45ca6ba1082031421f51799a4a665eda905ab2c2aa9d6ffa%40%3Cdev.flink.apache.org%3E
lists.apache.org/thread.html/r99a6552e45ca6ba1082031421f51799a4a665eda905ab2c2aa9d6ffa@%3Cdev.flink.apache.org%3E
lists.apache.org/thread.html/r9e25496608036573736cee484d8d03dae400f09e443b0000b6adc042%40%3Ccommits.iotdb.apache.org%3E
lists.apache.org/thread.html/r9e25496608036573736cee484d8d03dae400f09e443b0000b6adc042@%3Ccommits.iotdb.apache.org%3E
lists.apache.org/thread.html/raabf1a00b2652575fca9fcb44166a828a0cab97a7d1594001eabc991%40%3Ccommon-issues.hadoop.apache.org%3E
lists.apache.org/thread.html/raabf1a00b2652575fca9fcb44166a828a0cab97a7d1594001eabc991@%3Ccommon-issues.hadoop.apache.org%3E
lists.apache.org/thread.html/rc378b97d52856f9f3c5ced14771fed8357e4187a3a0f9a2f0515931a%40%3Cissues.zookeeper.apache.org%3E
lists.apache.org/thread.html/rc378b97d52856f9f3c5ced14771fed8357e4187a3a0f9a2f0515931a@%3Cissues.zookeeper.apache.org%3E
lists.apache.org/thread.html/rc7de83170d3402af15bfed3d59f80aea20f250535bdce30e4cad24db%40%3Cissues.flink.apache.org%3E
lists.apache.org/thread.html/rc7de83170d3402af15bfed3d59f80aea20f250535bdce30e4cad24db@%3Cissues.flink.apache.org%3E
lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
lists.apache.org/thread.html/rd86db9679150e9297b5c0fcb6f0e80a8b81b54fcf423de5a914bca78%40%3Ccommon-commits.hadoop.apache.org%3E
lists.apache.org/thread.html/rd86db9679150e9297b5c0fcb6f0e80a8b81b54fcf423de5a914bca78@%3Ccommon-commits.hadoop.apache.org%3E
lists.apache.org/thread.html/re6fb6b0de9d679310437ff87fc94e39da5a14dce9c73864a41837462%40%3Ccommon-commits.hadoop.apache.org%3E
lists.apache.org/thread.html/re6fb6b0de9d679310437ff87fc94e39da5a14dce9c73864a41837462@%3Ccommon-commits.hadoop.apache.org%3E
lists.apache.org/thread.html/reb3eeb985afdead17fadb7c33d5d472c1015a85ea5c9b038ec77f378%40%3Ccommon-dev.hadoop.apache.org%3E
lists.apache.org/thread.html/reb3eeb985afdead17fadb7c33d5d472c1015a85ea5c9b038ec77f378@%3Ccommon-dev.hadoop.apache.org%3E
lists.apache.org/thread.html/rf58e1bee31d66665437dde9acd9abed53f8483034b69fa9ca7cde09c%40%3Cdev.zookeeper.apache.org%3E
lists.apache.org/thread.html/rf58e1bee31d66665437dde9acd9abed53f8483034b69fa9ca7cde09c@%3Cdev.zookeeper.apache.org%3E
lists.apache.org/thread.html/rfb45527bad7220ada9e30957762e1da254ce405e67cc3ddf6f3558d9%40%3Creviews.iotdb.apache.org%3E
lists.apache.org/thread.html/rfb45527bad7220ada9e30957762e1da254ce405e67cc3ddf6f3558d9@%3Creviews.iotdb.apache.org%3E
lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264%40%3Ccommon-issues.hadoop.apache.org%3E
lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264@%3Ccommon-issues.hadoop.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2018-8088
security.netapp.com/advisory/ntap-20231227-0010
www.oracle.com/security-alerts/cpujul2020.html
www.oracle.com/security-alerts/cpuoct2020.html
www.oracle.com/security-alerts/cpuoct2021.html
www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
www.slf4j.org/news.html
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.022 Low
EPSS
Percentile
89.3%