[jira] [Commented] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088

miracle (Jira) Sun, 25 Jul 2021 20:44:07 -0700


    [ 
https://issues.apache.org/jira/browse/FLINK-23444?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17387029#comment-17387029
 ]


miracle commented on FLINK-23444:
---------------------------------

In the Flink version, the class involved in the vulnerability was not found : 
org.slf4j.ext.EventData in the SLf4J-ext module

> Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088
> ----------------------------------------------------------
>
>                 Key: FLINK-23444
>                 URL: https://issues.apache.org/jira/browse/FLINK-23444
>             Project: Flink
>          Issue Type: Improvement
>          Components: API / Core
>    Affects Versions: 1.11.3, 1.13.0, 1.12.3, 1.13.1
>            Reporter: Hui Wang
>            Priority: Major
>
> Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088 [1] . When can 
> Flink be upgraded to a more secure version?
> [1] https://nvd.nist.gov/vuln/detail/CVE-2018-8088



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088

Reply via email to