Posted to dev@thrift.apache.org by Jens Geyer <je...@apache.org> on 2019/10/16 22:46:17 UTC
Subject: [SECURITY] CVE-2019-0210 Announcement
CVE-2019-0210: Apache Thrift out-of-bounds read vulnerability
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Apache Thrift 0.9.3 to 0.12.0
Description:
A server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed with invalid input data.
Mitigation:
Upgrade to version 0.13.0
Credit:
This issue was reported by Alexandre Fiori of Facebook.
On behalf of the Apache Thrift PMC,
Jens Geyer