CVE - CVE-2018-8088

CVE-ID
CVE-2018-8088	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:103737 URL:http://www.securityfocus.com/bid/103737 CONFIRM:https://security.netapp.com/advisory/ntap-20231227-0010/ MISC:https://jira.qos.ch/browse/SLF4J-431 MISC:https://www.slf4j.org/news.html MISC:https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405 URL:https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405 MISC:https://jira.qos.ch/browse/SLF4J-430 URL:https://jira.qos.ch/browse/SLF4J-430 MISC:https://jira.qos.ch/browse/SLF4J-431 URL:https://jira.qos.ch/browse/SLF4J-431 MISC:https://www.oracle.com/security-alerts/cpujul2020.html URL:https://www.oracle.com/security-alerts/cpujul2020.html MISC:https://www.oracle.com/security-alerts/cpuoct2020.html URL:https://www.oracle.com/security-alerts/cpuoct2020.html MISC:https://www.oracle.com/security-alerts/cpuoct2021.html URL:https://www.oracle.com/security-alerts/cpuoct2021.html MISC:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html URL:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html MLIST:[flink-dev] 20210720 [jira] [Created] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088 URL:https://lists.apache.org/thread.html/r99a6552e45ca6ba1082031421f51799a4a665eda905ab2c2aa9d6ffa@%3Cdev.flink.apache.org%3E MLIST:[flink-issues] 20210720 [jira] [Created] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088 URL:https://lists.apache.org/thread.html/r573eb577a67503e72181eee637d9b0ac042197e632bcdfce76af06a3@%3Cissues.flink.apache.org%3E MLIST:[flink-issues] 20210721 [jira] [Commented] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088 URL:https://lists.apache.org/thread.html/r891761d5014f9ffd79d9737482de832462de538b6c4bdcef21aad729@%3Cissues.flink.apache.org%3E MLIST:[flink-issues] 20210725 [jira] [Commented] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088 URL:https://lists.apache.org/thread.html/rc7de83170d3402af15bfed3d59f80aea20f250535bdce30e4cad24db@%3Cissues.flink.apache.org%3E MLIST:[flink-issues] 20210804 [jira] [Closed] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088 URL:https://lists.apache.org/thread.html/r5cf87a035b297c19f4043a37b73c341576dd92f819bd3e4aa27de541@%3Cissues.flink.apache.org%3E MLIST:[hadoop-common-commits] 20200824 [hadoop] branch branch-3.3 updated: HADOOP-17220. Upgrade slf4j to 1.7.30 ( To Address: CVE-2018-8088). Contributed by Brahma Reddy Battula. URL:https://lists.apache.org/thread.html/rd86db9679150e9297b5c0fcb6f0e80a8b81b54fcf423de5a914bca78@%3Ccommon-commits.hadoop.apache.org%3E MLIST:[hadoop-common-commits] 20200824 [hadoop] branch trunk updated: HADOOP-17220. Upgrade slf4j to 1.7.30 ( To Address: CVE-2018-8088). Contributed by Brahma Reddy Battula. URL:https://lists.apache.org/thread.html/re6fb6b0de9d679310437ff87fc94e39da5a14dce9c73864a41837462@%3Ccommon-commits.hadoop.apache.org%3E MLIST:[hadoop-common-dev] 20200824 [jira] [Created] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088) URL:https://lists.apache.org/thread.html/reb3eeb985afdead17fadb7c33d5d472c1015a85ea5c9b038ec77f378@%3Ccommon-dev.hadoop.apache.org%3E MLIST:[hadoop-common-issues] 20200824 [jira] [Commented] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088) URL:https://lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264@%3Ccommon-issues.hadoop.apache.org%3E MLIST:[hadoop-common-issues] 20200824 [jira] [Created] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088) URL:https://lists.apache.org/thread.html/raabf1a00b2652575fca9fcb44166a828a0cab97a7d1594001eabc991@%3Ccommon-issues.hadoop.apache.org%3E MLIST:[hadoop-common-issues] 20200824 [jira] [Updated] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Address: CVE-2018-8088) URL:https://lists.apache.org/thread.html/r1660c72a660f0522947ca6ce329dcc74e1ee20c58bbe208472754489@%3Ccommon-issues.hadoop.apache.org%3E MLIST:[hadoop-common-issues] 20200824 [jira] [Updated] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088) URL:https://lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0@%3Ccommon-issues.hadoop.apache.org%3E MLIST:[infra-devnull] 20190321 [GitHub] [tika] dadoonet opened pull request #268: Update slf4j to 1.8.0-beta4 URL:https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f@%3Cdevnull.infra.apache.org%3E MLIST:[infra-devnull] 20190321 [GitHub] [tika] grossws commented on issue #268: Update slf4j to 1.8.0-beta4 URL:https://lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa@%3Cdevnull.infra.apache.org%3E MLIST:[iotdb-commits] 20210328 [iotdb] branch master updated: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088 (#2906) URL:https://lists.apache.org/thread.html/r9e25496608036573736cee484d8d03dae400f09e443b0000b6adc042@%3Ccommits.iotdb.apache.org%3E MLIST:[iotdb-notifications] 20210325 [jira] [Created] (IOTDB-1258) jcl-over-slf4j have Security Vulnerabilities CVE-2018-8088 URL:https://lists.apache.org/thread.html/r17e7e6abc53d29c0e269153517d36f4bec2755b95900596e6df15cbe@%3Cnotifications.iotdb.apache.org%3E MLIST:[iotdb-reviews] 20210325 [GitHub] [iotdb] wangchao316 opened a new pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088 URL:https://lists.apache.org/thread.html/r37644f0a00aca9fbcbc21c0f9a91f927b63153ec3607be469cd515e5@%3Creviews.iotdb.apache.org%3E MLIST:[iotdb-reviews] 20210327 [GitHub] [iotdb] wangchao316 closed pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088 URL:https://lists.apache.org/thread.html/r2d05924f903403927a2f4e78d9b1249a42f0bd09f69a7c1954d74a42@%3Creviews.iotdb.apache.org%3E MLIST:[iotdb-reviews] 20210327 [GitHub] [iotdb] wangchao316 opened a new pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088 URL:https://lists.apache.org/thread.html/r48247c12cf652e95a01fc94ee5aa8641f3ec481235774790e53eb55e@%3Creviews.iotdb.apache.org%3E MLIST:[iotdb-reviews] 20210328 [GitHub] [iotdb] HTHou merged pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088 URL:https://lists.apache.org/thread.html/rfb45527bad7220ada9e30957762e1da254ce405e67cc3ddf6f3558d9@%3Creviews.iotdb.apache.org%3E MLIST:[logging-notifications] 20200825 [jira] [Commented] (LOG4J2-2329) Fix dependency in log4j-slf4j-impl to slf4j due to CVE-2018-8088 URL:https://lists.apache.org/thread.html/r81711cde77c2c5742b7b8533c978e79771b700af0ef4d3149d70df25@%3Cnotifications.logging.apache.org%3E MLIST:[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list URL:https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E MLIST:[pulsar-commits] 20210127 [GitHub] [pulsar] GLouMcK opened a new issue #9347: Security Vulnerabilities - Black Duck Scan URL:https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf@%3Ccommits.pulsar.apache.org%3E MLIST:[zookeeper-dev] 20210327 [jira] [Created] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088 URL:https://lists.apache.org/thread.html/rf58e1bee31d66665437dde9acd9abed53f8483034b69fa9ca7cde09c@%3Cdev.zookeeper.apache.org%3E MLIST:[zookeeper-issues] 20210327 [jira] [Created] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088 URL:https://lists.apache.org/thread.html/r0f376559fd39cf1a53ac3afbc1fc5d62649dcac9916d4697445a94fa@%3Cissues.zookeeper.apache.org%3E MLIST:[zookeeper-issues] 20210327 [jira] [Updated] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088 URL:https://lists.apache.org/thread.html/r32be21da011479df41468a62bc09d12f0d3b4e3a71679d33cb0e8c56@%3Cissues.zookeeper.apache.org%3E MLIST:[zookeeper-issues] 20210328 [jira] [Commented] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088 URL:https://lists.apache.org/thread.html/rc378b97d52856f9f3c5ced14771fed8357e4187a3a0f9a2f0515931a@%3Cissues.zookeeper.apache.org%3E REDHAT:RHSA-2018:0582 URL:https://access.redhat.com/errata/RHSA-2018:0582 REDHAT:RHSA-2018:0592 URL:https://access.redhat.com/errata/RHSA-2018:0592 REDHAT:RHSA-2018:0627 URL:https://access.redhat.com/errata/RHSA-2018:0627 REDHAT:RHSA-2018:0628 URL:https://access.redhat.com/errata/RHSA-2018:0628 REDHAT:RHSA-2018:0629 URL:https://access.redhat.com/errata/RHSA-2018:0629 REDHAT:RHSA-2018:0630 URL:https://access.redhat.com/errata/RHSA-2018:0630 REDHAT:RHSA-2018:1247 URL:https://access.redhat.com/errata/RHSA-2018:1247 REDHAT:RHSA-2018:1248 URL:https://access.redhat.com/errata/RHSA-2018:1248 REDHAT:RHSA-2018:1249 URL:https://access.redhat.com/errata/RHSA-2018:1249 REDHAT:RHSA-2018:1251 URL:https://access.redhat.com/errata/RHSA-2018:1251 REDHAT:RHSA-2018:1323 URL:https://access.redhat.com/errata/RHSA-2018:1323 REDHAT:RHSA-2018:1447 URL:https://access.redhat.com/errata/RHSA-2018:1447 REDHAT:RHSA-2018:1448 URL:https://access.redhat.com/errata/RHSA-2018:1448 REDHAT:RHSA-2018:1449 URL:https://access.redhat.com/errata/RHSA-2018:1449 REDHAT:RHSA-2018:1450 URL:https://access.redhat.com/errata/RHSA-2018:1450 REDHAT:RHSA-2018:1451 URL:https://access.redhat.com/errata/RHSA-2018:1451 REDHAT:RHSA-2018:1525 URL:https://access.redhat.com/errata/RHSA-2018:1525 REDHAT:RHSA-2018:1575 URL:https://access.redhat.com/errata/RHSA-2018:1575 REDHAT:RHSA-2018:2143 URL:https://access.redhat.com/errata/RHSA-2018:2143 REDHAT:RHSA-2018:2419 URL:https://access.redhat.com/errata/RHSA-2018:2419 REDHAT:RHSA-2018:2420 URL:https://access.redhat.com/errata/RHSA-2018:2420 REDHAT:RHSA-2018:2669 URL:https://access.redhat.com/errata/RHSA-2018:2669 REDHAT:RHSA-2018:2930 URL:https://access.redhat.com/errata/RHSA-2018:2930 REDHAT:RHSA-2019:2413 URL:https://access.redhat.com/errata/RHSA-2019:2413 REDHAT:RHSA-2019:3140 URL:https://access.redhat.com/errata/RHSA-2019:3140 SECTRACK:1040627 URL:http://www.securitytracker.com/id/1040627
Assigning CNA
MITRE Corporation
Date Record Created
20180313	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20180313)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)