Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/thrift@0.13.0-6?distro=trixie
purl pkg:deb/debian/thrift@0.13.0-6?distro=trixie
Next non-vulnerable version 0.16.0-3
Latest non-vulnerable version 0.22.0-3
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-gkzd-prsr-gqc8
Aliases:
CVE-2020-13949
GHSA-g2fg-mr77-6vrm
Uncontrolled Resource Consumption in Apache Thrift In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
0.16.0-3
Affected by 0 other vulnerabilities.
0.17.0-2
Affected by 0 other vulnerabilities.
0.19.0-4
Affected by 0 other vulnerabilities.
0.22.0-3
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (4)
Vulnerability Summary Aliases
VCID-6r6v-dxqb-3fe1 Out-of-bounds read in Apache Thrift In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data. CVE-2019-0210
GHSA-jq7p-26h5-w78r
VCID-8ye2-rpy6-zqak Apache Thrift Go Library Command Injection The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0. CVE-2016-5397
GHSA-r4m4-pmvw-m6j5
VCID-bjpb-v3v5-5beg File and Directory Information Exposure The Apache Thrift Node.js static web server contains a security vulnerability in which a remote user has the ability to access files outside the set webservers `docroot` path. CVE-2018-11798
GHSA-vx85-mj8c-4qm6
VCID-y1ca-jr94-kfb4 Multiple vulnerabilities have been found in Apache Thrift, the worst of which could result in a Denial of Service condition. CVE-2019-0205
GHSA-rj7p-rfgp-852x

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T13:15:25.042088+00:00 Debian Importer Fixing VCID-y1ca-jr94-kfb4 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:54:32.303865+00:00 Debian Importer Fixing VCID-8ye2-rpy6-zqak https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:51:28.966814+00:00 Debian Importer Fixing VCID-6r6v-dxqb-3fe1 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:15:41.959202+00:00 Debian Importer Fixing VCID-bjpb-v3v5-5beg https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T09:07:44.243817+00:00 Debian Importer Fixing VCID-y1ca-jr94-kfb4 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:07:44.828376+00:00 Debian Importer Fixing VCID-8ye2-rpy6-zqak https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:05:41.009256+00:00 Debian Importer Fixing VCID-6r6v-dxqb-3fe1 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:11:28.660214+00:00 Debian Importer Fixing VCID-bjpb-v3v5-5beg https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:54:18.001934+00:00 Debian Importer Affected by VCID-gkzd-prsr-gqc8 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:17.971621+00:00 Debian Importer Fixing VCID-6r6v-dxqb-3fe1 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:17.930839+00:00 Debian Importer Fixing VCID-y1ca-jr94-kfb4 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:17.886827+00:00 Debian Importer Fixing VCID-bjpb-v3v5-5beg https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:17.838073+00:00 Debian Importer Fixing VCID-8ye2-rpy6-zqak https://security-tracker.debian.org/tracker/data/json 38.1.0