| purl | pkg:maven/org.apache.thrift/libthrift@0.10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-6r6v-dxqb-3fe1 Aliases: CVE-2019-0210, GHSA-jq7p-26h5-w78r | Out-of-bounds read in Apache Thrift. In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed with invalid input data. | Affected by 1 other vulnerability. |
| VCID-bjpb-v3v5-5beg Aliases: CVE-2018-11798, GHSA-vx85-mj8c-4qm6 | File and Directory Information Exposure. The Apache Thrift Node.js static web server contains a security vulnerability in which a remote user has the ability to access files outside the set web server's `docroot` path. | Affected by 3 other vulnerabilities. |
| VCID-gkzd-prsr-gqc8 Aliases: CVE-2020-13949, GHSA-g2fg-mr77-6vrm | Uncontrolled Resource Consumption in Apache Thrift. In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. | Affected by 0 other vulnerabilities. |
| VCID-rxjp-h3tu-tqh8 Aliases: CVE-2018-1320, GHSA-wjxj-f8rg-99wx | Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings, making the validation incomplete. | Affected by 3 other vulnerabilities. |
| VCID-y1ca-jr94-kfb4 Aliases: CVE-2019-0205, GHSA-rj7p-rfgp-852x | Multiple vulnerabilities have been found in Apache Thrift, the worst of which could result in a Denial of Service condition. | Affected by 1 other vulnerability. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |