java-sig-commits May 2018

java-sig-commits@lists.stg.fedoraproject.org

1 participants
441 discussions

Start a nNew thread

[Bug 1548909] CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
by bugzilla＠redhat.com 01 May '18

01 May '18

https://bugzilla.redhat.com/show_bug.cgi?id=1548909 Avital Pinnick <apinnick(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |apinnick(a)redhat.com --- Doc Text *updated* --- An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits May 2018