org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta4
allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J version 1.7.26
and later and in the 2.0.x
series.
Note that while the fix commit is associated with the tag 1.8.0-beta3
, the versions in Maven go directly from 1.8.0-beta2
to 1.8.0-beta4
.
{ "nvd_published_at": "2018-03-20T16:29:00Z", "cwe_ids": [ "CWE-284" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2022-06-29T18:51:39Z" }