[TINKERPOP-3050] security vulnerability in logback-core - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 3.6.6
Fix Version/s: 3.6.8, 3.7.3
Component/s: console
Labels:
None

Description

used logback-core version is: 1.2.11- CVE-2023-6378

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6378

https://github.com/advisories/GHSA-vmq6-5m68-f53m

I see that even latest v1.2.13 has security issue:

https://mvnrepository.com/artifact/ch.qos.logback/logback-core

1.3.12, 1.3.14, 1.4.12 and latest 1.4.14 are currently safe

Attachments

Activity

People

Assignee:: Cole Greer

Reporter:: Tal Ron

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 08/Feb/24 08:46

Updated:: 04/Oct/24 20:07

Resolved:: 04/Oct/24 20:07