Improper Input Validation

Affecting github.com/apache/thrift/lib/go/thrift package, versions >=0.9.3 <0.13.0

Overview

github.com/apache/thrift/lib/go/thrift is a Go implementation of the Apache Thrift library.

Affected versions of this package are vulnerable to Improper Input Validation. In Apache Thrift, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed invalid input data.

Remediation

Upgrade github.com/apache/thrift/lib/go/thrift to version 0.13.0 or higher.
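
A dependency check for this advisory's affected range, added here as an example (it is not Snyk's or the Apache Thrift project's code): it reads go.mod text and classifies the pinned github.com/apache/thrift module version. The function names and result labels are this example's own; pseudo-versions, pre-releases and replace directives are reported as "review" rather than guessed, and exclude blocks are not tracked.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Module that ships the affected package github.com/apache/thrift/lib/go/thrift.
const thriftModule = "github.com/apache/thrift"

var exactRe = regexp.MustCompile(`^v(\d+)\.(\d+)\.(\d+)$`)

// classify maps a go.mod version onto the advisory's range >=0.9.3 <0.13.0.
func classify(v string) string {
	m := exactRe.FindStringSubmatch(v)
	if m == nil {
		return "review" // pseudo-version or pre-release: check the commit by hand
	}
	minor, _ := strconv.Atoi(m[2])
	patch, _ := strconv.Atoi(m[3])
	if m[1] == "0" && ((minor == 9 && patch >= 3) || (minor > 9 && minor < 13)) {
		return "vulnerable"
	}
	return "ok"
}

// CheckThrift scans go.mod text; it returns "vulnerable", "ok", "review" or "absent".
func CheckThrift(gomod string) string {
	result := "absent"
	for _, raw := range strings.Split(gomod, "\n") {
		line := strings.SplitN(raw, "//", 2)[0] // drop comments such as "// indirect"
		f := strings.Fields(line)
		if len(f) > 0 && (f[0] == "require" || f[0] == "replace") {
			f = f[1:]
		}
		if len(f) < 2 || f[0] != thriftModule {
			continue
		}
		if strings.Contains(line, "=>") {
			return "review" // replaced module: inspect the replacement target
		}
		result = classify(f[1])
	}
	return result
}

func main() {
	fmt.Println(CheckThrift("require github.com/apache/thrift v0.12.0 // indirect")) // constructed input
}
```

A "review" result means the version string alone does not settle the question and the referenced commit or replacement module has to be compared against the 0.13.0 release.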

CVSS Score

4.8 (medium severity)

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: Low
  • Availability: Low
  • Exploit maturity: Unproven
  • Remediation Level: Official

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:R

Credit: Alexandre Fiori
CVE: CVE-2019-0210
CWE: CWE-20
Snyk ID: SNYK-GOLANG-GITHUBCOMAPACHETHRIFTLIBGOTHRIFT-474612
Disclosed: 16 Oct, 2019
Published: 30 Oct, 2019