You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tinkerpop.apache.org by "Tal Ron (Jira)" <ji...@apache.org> on 2024/02/08 08:51:00 UTC

[jira] [Updated] (TINKERPOP-3050) security vulnerability in logback-core

     [ https://issues.apache.org/jira/browse/TINKERPOP-3050?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tal Ron updated TINKERPOP-3050:
-------------------------------
    Summary: security vulnerability in logback-core   (was: severity security vulnerability in logback-core )

> security vulnerability in logback-core 
> ---------------------------------------
>
>                 Key: TINKERPOP-3050
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-3050
>             Project: TinkerPop
>          Issue Type: Bug
>          Components: console
>    Affects Versions: 3.6.6
>            Reporter: Tal Ron
>            Priority: Critical
>
> used logback-core version is: 1.2.11- [CVE-2023-6378|https://github.com/advisories/GHSA-vmq6-5m68-f53m]
> [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6378]
>  
> [https://github.com/advisories/GHSA-vmq6-5m68-f53m]
> I see that even latest v1.2.13 has security issue: 
> [https://mvnrepository.com/artifact/ch.qos.logback/logback-core]
> 1.3.12, 1.3.14, 1.4.12 and latest 1.4.14 are currently safe
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)