[Bug 1548909] CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1548909
Jonathan Christison <jochrist(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=201 |impact=important,public=201
|80222,reported=20180226,sou |80222,reported=20180226,sou
|rce=researcher,cvss3=8.1/CV |rce=researcher,cvss3=8.1/CV
|SS:3.0/AV:N/AC:H/PR:N/UI:N/ |SS:3.0/AV:N/AC:H/PR:N/UI:N/
|S:U/C:H/I:H/A:H,cwe=CWE-502 |S:U/C:H/I:H/A:H,cwe=CWE-502
|,fedora-all/slf4j=affected, |,fedora-all/slf4j=affected,
|fedora-all/slf4j-jboss-logm |fedora-all/slf4j-jboss-logm
|anager=affected,openshift-1 |anager=affected,openshift-1
|/slf4j=affected,rhscl-3/rh- |/slf4j=affected,rhscl-3/rh-
|java-common-slf4j=notaffect |java-common-slf4j=notaffect
|ed,sam-1/slf4j=wontfix,jws- |ed,sam-1/slf4j=wontfix,jws-
|3/slf4j=notaffected,brms-5/ |3/slf4j=notaffected,brms-5/
|slf4j=notaffected,brms-6/sl |slf4j=notaffected,brms-6/sl
|f4j=affected,amq-6/slf4j=ne |f4j=affected,amq-6/slf4j=ne
|w,soap-5/slf4j=wontfix,eap- |w,soap-5/slf4j=wontfix,eap-
|5/slf4j=new,eap-6/slf4j=aff |5/slf4j=new,eap-6/slf4j=aff
|ected,eap-7/slf4j=affected, |ected,eap-7/slf4j=affected,
|jbds-11/slf4j=wontfix,jdg-6 |jbds-11/slf4j=wontfix,jdg-6
|/slf4j=notaffected,jdg-7/sl |/slf4j=notaffected,jdg-7/sl
|f4j=affected,jdv-6/slf4j=af |f4j=affected,jdv-6/slf4j=af
|fected,fsw-6/slf4j=new,fuse |fected,fsw-6/slf4j=wontfix,
|-6/slf4j=new,jon-3/slf4j=af |fuse-6/slf4j=new,jon-3/slf4
|fected,jpp-6/slf4j=notaffec |j=affected,jpp-6/slf4j=nota
|ted,rhsso-7/slf4j=affected, |ffected,rhsso-7/slf4j=affec
|rhn_satellite_6/spacewalk-s |ted,rhn_satellite_6/spacewa
|lf4j=notaffected,rhn_satell |lk-slf4j=notaffected,rhn_sa
|ite_6/slf4j=notaffected,rhe |tellite_6/slf4j=notaffected
|l-6/slf4j=wontfix,rhel-7/sl |,rhel-6/slf4j=wontfix,rhel-
|f4j=affected,rhel-8/slf4j=n |7/slf4j=affected,rhel-8/slf
|otaffected,rhev-m-4/jboss=a |4j=notaffected,rhev-m-4/jbo
|ffected,vertx-3/slf4j=notaf |ss=affected,vertx-3/slf4j=n
|fected,openstack-8/slf4j-ap |otaffected,openstack-8/slf4
|i=notaffected,openstack-9/s |j-api=notaffected,openstack
|lf4j-api=notaffected,openst |-9/slf4j-api=notaffected,op
|ack-10/slf4j-api=notaffecte |enstack-10/slf4j-api=notaff
|d,openstack-11/slf4j-api=no |ected,openstack-11/slf4j-ap
|taffected,openstack-12/slf4 |i=notaffected,openstack-12/
|j-api=notaffected,openstack |slf4j-api=notaffected,opens
|-13/slf4j-api=notaffected,r |tack-13/slf4j-api=notaffect
|hscl-3/rh-maven35-slf4j=aff |ed,rhscl-3/rh-maven35-slf4j
|ected,fis-2/slf4j=affected |=affected,fis-2/slf4j=affec
| |ted
--
You are receiving this mail because:
You are on the CC list for the bug.
4 years, 11 months
- 1
- 0