Vulnerability in Apache Thrift
CVE-2019-0210
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed invalid input data.
EPSS: 0.012 (79.2th percentile)
Affected products
- Apache Thrift — versions 0.9.3 to 0.12.0
References
- RHSA-2020:0806 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2020:0811 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2020:0804 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2020:0805 (vendor-advisory, x_refsource_REDHAT)
- [pulsar-commits] 20210120 [GitHub] [pulsar] fmiguelez opened a new issue #9248: Upgrade Thrift dependency in broker to solve CVE-2019-0210 and CVE-2019-0205 (mailing-list, x_refsource_MLIST)
- [pulsar-commits] 20210121 [GitHub] [pulsar] hpvd commented on issue #9248: Upgrade Thrift dependency in broker to solve CVE-2019-0210 and CVE-2019-0205 (mailing-list, x_refsource_MLIST)
- [pulsar-commits] 20210122 [GitHub] [pulsar] hpvd commented on issue #9248: Upgrade Thrift dependency in broker to solve CVE-2019-0210 and CVE-2019-0205 (mailing-list, x_refsource_MLIST)
- [pulsar-commits] 20210607 [GitHub] [pulsar] lhotari commented on issue #9248: Upgrade Thrift dependency in broker to solve CVE-2019-0210, CVE-2019-0205 and CVE-2020-13949 (mailing-list, x_refsource_MLIST)
- GLSA-202107-32 (vendor-advisory, x_refsource_GENTOO)
- www.oracle.com//security-alerts/cpujul2021.html (x_refsource_MISC)
Frequently asked questions
- What is CVE-2019-0210?
- CVE-2019-0210 is a vulnerability in Apache Thrift. Published 2019-10-28.
- Is CVE-2019-0210 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.