Open mend-for-github-com[bot] opened 3 years ago
mend-for-github-com[bot]
commented
2 years ago :heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
mend-for-github-com[bot]
commented
2 years ago :information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.
CVE-2018-8088 - High Severity Vulnerability
Extensions to the SLF4J API
Library home page: http://www.slf4j.org
Path to dependency file: /modules/cucumber/modules/codegen/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/slf4j/slf4j-ext/1.7.12/slf4j-ext-1.7.12.jar
Dependency Hierarchy: - swagger-codegen-2.4.13.jar (Root Library) - :x: **slf4j-ext-1.7.12.jar** (Vulnerable Library)
Found in HEAD commit: 2616e3393c26f490cd18ae49306a09616a7b066f
Found in base branch: master
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.
Publish Date: 2018-03-20
URL: CVE-2018-8088
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Release Date: 2018-03-20
Fix Resolution (org.slf4j:slf4j-ext): 1.7.26
Direct dependency fix Resolution (io.swagger:swagger-codegen): 2.4.25