[jira] [Commented] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088

Christopher Tubbs (Jira) Sun, 28 Mar 2021 06:40:08 -0700


    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-4264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17310207#comment-17310207
 ]


Christopher Tubbs commented on ZOOKEEPER-4264:
----------------------------------------------

This is a false positive. According to the upstream ticket, this only affects 
slf4j-ext EventData, which ZooKeeper doesn't use.

> Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088
> ------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-4264
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4264
>             Project: ZooKeeper
>          Issue Type: Improvement
>            Reporter: Sai Kiran Vudutala
>            Priority: Major
>         Attachments: image-2021-03-27-18-19-31-497.png
>
>
> Apache zookeeper 3.6.2 shows security vulnerabilities CVE-2018-8088 for 
> package slf4j 1.7.25 after black duck scanner analysis
> !image-2021-03-27-18-19-31-497.png|width=648,height=336!
>   



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088

Reply via email to