A scan is turning up a CVE for this: CRITICAL Vulnerability found in non-os package type (java) - /elastic-apm-agent-1.21.0.jar:slf4j-api (CVE-2018-8088 - https://nvd.nist.gov/vuln/detail/CVE-2018-8088) This showed up in an earlier version, too (1.17.0). 1.21.0 is the latest and still has this?

Hi and thanks a lot for the report. For security reports, please don't report them in the forum but stick to the process laid out in Free and Open Search: The Creators of Elasticsearch, ELK & Kibana | Elastic . For this particular case it seems like a false positive. The CVE is about the slf4j-ext…

Remedy for CVE-2018-8088 in elastic-apm-agent-1.21.0.jar?

Elastic Observability APM

seanleblanc February 19, 2021, 9:02pm 3

Oh, thank you. I did not realize there was a separate process for this. In any case, this was Anchore finding this, if that helps at all. Forgot to mention that in original question.

Cheers.

Topic		Replies	Views
Elastic-apm-agent-1.33.0.jar flagged by security scan APM java	5	500	March 24, 2023
CVE-2021-45105 and CVE-2020-9488 vulnerabilities with java apm agent 1.28.4 APM java	4	1717	February 9, 2022
How to shift to elastic-apm-agent-java8 APM java	2	277	January 8, 2024
Log4J version in apm-agent APM java	3	142	February 4, 2025
CVE-2020-9488 vulnerabilities with java apm agent 1.34.1 APM java	2	1779	December 7, 2022

Remedy for CVE-2018-8088 in elastic-apm-agent-1.21.0.jar?

Related topics