[jira] [Created] (MNEMONIC-720) Security vulnerabilities for logback modules

Mon, 07 Feb 2022 23:34:06 -0800 

Wang, Gang created MNEMONIC-720:
-----------------------------------

             Summary: Security vulnerabilities for logback modules
                 Key: MNEMONIC-720
                 URL: https://issues.apache.org/jira/browse/MNEMONIC-720
             Project: Mnemonic
          Issue Type: Bug
          Components: Logging
    Affects Versions: 0.17.0
            Reporter: Wang, Gang
             Fix For: 0.17.0


There are several security vulnerabilities identified for the current version 
of logback modules

*logback-core:*

Direct vulnerabilities:
[CVE-2021-42550|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42550]
[CVE-2017-5929|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929]

[https://mvnrepository.com/artifact/ch.qos.logback/logback-core/1.1.11]

*logback-classic:*

Direct vulnerabilities:
[CVE-2017-5929|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929]

Vulnerabilities from dependencies:
[CVE-2022-23305|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305]
[CVE-2022-23302|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302]
[CVE-2022-23221|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23221]
[CVE-2021-42550|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42550]
[CVE-2021-4104|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104]
[CVE-2020-10683|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10683]
[CVE-2019-17571|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571]
[CVE-2017-5929|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929]

[https://mvnrepository.com/artifact/ch.qos.logback/logback-classic/1.1.11]

Suggest upgrading to v1.2.10 to mitigate those risks.

 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to