You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mnemonic.apache.org by "Yanhui Zhao (Jira)" <ji...@apache.org> on 2022/03/06 01:32:00 UTC

[jira] [Resolved] (MNEMONIC-720) Security vulnerabilities of logback modules identified

     [ https://issues.apache.org/jira/browse/MNEMONIC-720?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Yanhui Zhao resolved MNEMONIC-720.
----------------------------------
    Resolution: Fixed

> Security vulnerabilities of logback modules identified
> ------------------------------------------------------
>
>                 Key: MNEMONIC-720
>                 URL: https://issues.apache.org/jira/browse/MNEMONIC-720
>             Project: Mnemonic
>          Issue Type: Bug
>          Components: Logging
>    Affects Versions: 0.17.0
>            Reporter: Wang, Gang
>            Assignee: Yanhui Zhao
>            Priority: Major
>             Fix For: 0.17.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> There are several security vulnerabilities identified for the current version of logback modules
> *logback-core:*
> Direct vulnerabilities:
> [CVE-2021-42550|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42550]
> [CVE-2017-5929|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929]
> [https://mvnrepository.com/artifact/ch.qos.logback/logback-core/1.1.11]
> *logback-classic:*
> Direct vulnerabilities:
> [CVE-2017-5929|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929]
> Vulnerabilities from dependencies:
> [CVE-2022-23305|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305]
> [CVE-2022-23302|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302]
> [CVE-2022-23221|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23221]
> [CVE-2021-42550|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42550]
> [CVE-2021-4104|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104]
> [CVE-2020-10683|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10683]
> [CVE-2019-17571|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571]
> [CVE-2017-5929|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929]
> [https://mvnrepository.com/artifact/ch.qos.logback/logback-classic/1.1.11]
> Suggest upgrading to v1.2.10 to mitigate those risks.
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)