Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.thrift/libthrift@0.5.0
purl pkg:maven/org.apache.thrift/libthrift@0.5.0
Tags Ghost
Next non-vulnerable version 0.14.0
Latest non-vulnerable version 0.14.0
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-rxjp-h3tu-tqh8
Aliases:
CVE-2018-1320
GHSA-wjxj-f8rg-99wx
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.
0.9.3-1
Affected by 5 other vulnerabilities.
0.12.0
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T15:57:14.062844+00:00 GHSA Importer Affected by VCID-rxjp-h3tu-tqh8 https://github.com/advisories/GHSA-wjxj-f8rg-99wx 38.0.0
2026-04-01T12:48:14.070130+00:00 GitLab Importer Affected by VCID-rxjp-h3tu-tqh8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.thrift/libthrift/CVE-2018-1320.yml 38.0.0