CESA-2018:0592 -- centos 7 slf4j
|ID: oval:org.secpod.oval:def:204773||Date: (C)2018-04-03 (M)2018-10-22|
|Class: PATCH||Family: unix|
The Simple Logging Facade for Java or is a simple facade for various logging APIs allowing the end-user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging . Security Fix: * slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section. Red Hat would like to thank Chris McCown for reporting this issue.