You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.
CVE-2019-0205 - High Severity Vulnerability
Vulnerable Libraries - github.com/lightstep/lightstep-tracer-go/thrift_0_9_2/lib/go/thrift-v0.15.2, github.com/apache/thrift/lib/go/thrift-0.11.0, thrift0.11.0, grafanav5.0.0-beta1
github.com/lightstep/lightstep-tracer-go/thrift_0_9_2/lib/go/thrift-v0.15.2
The LightStep distributed tracing library for Go
Dependency Hierarchy:
github.com/apache/thrift/lib/go/thrift-0.11.0
Apache Thrift
Dependency Hierarchy:
Vulnerability Details
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.
Publish Date: 2019-10-29
URL: CVE-2019-0205
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0205
Release Date: 2019-10-29
Fix Resolution: org.apache.thrift:libthrift:0.13.0
The text was updated successfully, but these errors were encountered: