[jira] [Updated] (TINKERPOP-3050) security vulnerability in logback-core

Yang Xia (Jira) Fri, 30 Aug 2024 09:42:04 -0700


     [ 
https://issues.apache.org/jira/browse/TINKERPOP-3050?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Yang Xia updated TINKERPOP-3050:
--------------------------------
    Priority: Blocker  (was: Major)

> security vulnerability in logback-core 
> ---------------------------------------
>
>                 Key: TINKERPOP-3050
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-3050
>             Project: TinkerPop
>          Issue Type: Bug
>          Components: console
>    Affects Versions: 3.6.6
>            Reporter: Tal Ron
>            Priority: Blocker
>
> used logback-core version is: 1.2.11- 
> [CVE-2023-6378|https://github.com/advisories/GHSA-vmq6-5m68-f53m]
> [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6378]
>  
> [https://github.com/advisories/GHSA-vmq6-5m68-f53m]
> I see that even latest v1.2.13 has security issue: 
> [https://mvnrepository.com/artifact/ch.qos.logback/logback-core]
> 1.3.12, 1.3.14, 1.4.12 and latest 1.4.14 are currently safe
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (TINKERPOP-3050) security vulnerability in logback-core

Reply via email to