CVE-2019-3564 (High) detected in github.com/lightstep/lightstep-tracer-go/thrift_0_9_2/lib/go/thrift-v0.15.2, thrift0.11.0 #257
Labels
security vulnerability
Security vulnerability detected by WhiteSource
CVE-2019-3564 - High Severity Vulnerability
Vulnerable Libraries - github.com/lightstep/lightstep-tracer-go/thrift_0_9_2/lib/go/thrift-v0.15.2, thrift0.11.0
github.com/lightstep/lightstep-tracer-go/thrift_0_9_2/lib/go/thrift-v0.15.2
The LightStep distributed tracing library for Go
Dependency Hierarchy:
Vulnerability Details
Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00.
Publish Date: 2019-05-06
URL: CVE-2019-3564
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3564
Release Date: 2019-05-06
Fix Resolution: v2019.03.04.00
The text was updated successfully, but these errors were encountered: