You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tinkerpop.apache.org by "Tal Ron (Jira)" <ji...@apache.org> on 2024/02/08 08:51:00 UTC
[jira] [Updated] (TINKERPOP-3050) security vulnerability in logback-core
[ https://issues.apache.org/jira/browse/TINKERPOP-3050?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tal Ron updated TINKERPOP-3050:
-------------------------------
Summary: security vulnerability in logback-core (was: severity security vulnerability in logback-core )
> security vulnerability in logback-core
> ---------------------------------------
>
> Key: TINKERPOP-3050
> URL: https://issues.apache.org/jira/browse/TINKERPOP-3050
> Project: TinkerPop
> Issue Type: Bug
> Components: console
> Affects Versions: 3.6.6
> Reporter: Tal Ron
> Priority: Critical
>
> used logback-core version is: 1.2.11- [CVE-2023-6378|https://github.com/advisories/GHSA-vmq6-5m68-f53m]
> [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6378]
>
> [https://github.com/advisories/GHSA-vmq6-5m68-f53m]
> I see that even latest v1.2.13 has security issue:
> [https://mvnrepository.com/artifact/ch.qos.logback/logback-core]
> 1.3.12, 1.3.14, 1.4.12 and latest 1.4.14 are currently safe
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)