Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/thrift@0.17.0-2?distro=trixie
purl pkg:deb/debian/thrift@0.17.0-2?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (5)
Vulnerability Summary Aliases
VCID-6r6v-dxqb-3fe1 Out-of-bounds read in Apache Thrift In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data. CVE-2019-0210
GHSA-jq7p-26h5-w78r
VCID-8ye2-rpy6-zqak Apache Thrift Go Library Command Injection The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0. CVE-2016-5397
GHSA-r4m4-pmvw-m6j5
VCID-bjpb-v3v5-5beg File and Directory Information Exposure The Apache Thrift Node.js static web server contains a security vulnerability in which a remote user has the ability to access files outside the set webservers `docroot` path. CVE-2018-11798
GHSA-vx85-mj8c-4qm6
VCID-gkzd-prsr-gqc8 Uncontrolled Resource Consumption in Apache Thrift In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. CVE-2020-13949
GHSA-g2fg-mr77-6vrm
VCID-y1ca-jr94-kfb4 Multiple vulnerabilities have been found in Apache Thrift, the worst of which could result in a Denial of Service condition. CVE-2019-0205
GHSA-rj7p-rfgp-852x

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T13:15:25.046893+00:00 Debian Importer Fixing VCID-y1ca-jr94-kfb4 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:54:32.308542+00:00 Debian Importer Fixing VCID-8ye2-rpy6-zqak https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:51:28.971697+00:00 Debian Importer Fixing VCID-6r6v-dxqb-3fe1 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:15:41.965565+00:00 Debian Importer Fixing VCID-bjpb-v3v5-5beg https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T09:07:44.249170+00:00 Debian Importer Fixing VCID-y1ca-jr94-kfb4 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:07:44.831111+00:00 Debian Importer Fixing VCID-8ye2-rpy6-zqak https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:05:41.014753+00:00 Debian Importer Fixing VCID-6r6v-dxqb-3fe1 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:11:28.666547+00:00 Debian Importer Fixing VCID-bjpb-v3v5-5beg https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:54:18.005856+00:00 Debian Importer Fixing VCID-gkzd-prsr-gqc8 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:17.958098+00:00 Debian Importer Fixing VCID-6r6v-dxqb-3fe1 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:17.916425+00:00 Debian Importer Fixing VCID-y1ca-jr94-kfb4 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:17.869829+00:00 Debian Importer Fixing VCID-bjpb-v3v5-5beg https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:17.822699+00:00 Debian Importer Fixing VCID-8ye2-rpy6-zqak https://security-tracker.debian.org/tracker/data/json 38.1.0