Uploaded image for project: 'Apache Cassandra'
  1. Apache Cassandra
  2. CASSANDRA-15829

Upgrade to logback 1.2.3 to address CVE-2017-5929

    XMLWordPrintableJSON

Details

    • Security - Remote Code Execution
    • Critical
    • Low Hanging Fruit
    • User Report
    • All
    • Security

    Description

      Recent scan results identified the following CVE that requires this upgrade to address

      https://nvd.nist.gov/vuln/detail/CVE-2017-5929

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. CASSANDRA-15421 CVE-2017-5929 in 3.11.x (QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.)

          • Urgent - This issue should block release until it is resolved, and trigger immediate release once resolved.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. CASSANDRA-15411 [9.8] [CVE-2017-5929] [Cassandra] [2.2.5]

          • Normal -
          • Resolved

          Activity

            People

              Unassigned Unassigned
              c3-keveker Kevin Eveker
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: