CVE-2018-8088: org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.

Affected

31 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	libslf4j-java	< libslf4j-java 1.7.25-3 (bookworm)	libslf4j-java 1.7.25-3 (bookworm)
oracle	goldengate_application_adapters	—	—
oracle	goldengate_stream_analytics	< 19.1.0.0.1	19.1.0.0.1
oracle	utilities_framework	—	—
oracle	utilities_framework	—	—
oracle	utilities_framework	—	—
oracle	utilities_framework	—	—
oracle	utilities_framework	—	—
oracle	utilities_framework	—	—
oracle	utilities_framework	—	—
oracle	utilities_framework	—	—
qos	slf4j	< 1.7.26	1.7.26
qos	slf4j	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_server_tus	—	—

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv9.8CRITICAL