GHSA-vx85-mj8c-4qm6
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vx85-mj8c-4qm6
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-vx85-mj8c-4qm6/GHSA-vx85-mj8c-4qm6.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vx85-mj8c-4qm6
- Aliases
- Related
- Published
- 2019-01-17T13:56:33Z
- Modified
- 2024-02-16T08:22:18.795904Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Apache Thrift Node.js static web server sandbox escape
- Details
-
The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.
- Database specific
{ "github_reviewed": true, "nvd_published_at": null, "github_reviewed_at": "2020-06-16T21:58:46Z", "severity": "MODERATE", "cwe_ids": [ "CWE-538" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-11798
- https://github.com/apache/thrift/pull/1606
- https://github.com/apache/thrift/commit/2a2b72f6c8aef200ecee4984f011e06052288ff2
- https://access.redhat.com/errata/RHSA-2019:1545
- https://access.redhat.com/errata/RHSA-2019:3140
- https://github.com/advisories/GHSA-vx85-mj8c-4qm6
- https://issues.apache.org/jira/browse/THRIFT-4647
- https://lists.apache.org/thread.html/6e9edd282684896cedf615fb67a02bebfe6007f2d5baf03ba52e34fd@%3Cuser.thrift.apache.org%3E
- https://web.archive.org/web/20200227094236/http://www.securityfocus.com/bid/106501
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Affected packages
Maven / org.apache.thrift:libthrift
Package
- Name
- org.apache.thrift:libthrift
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.thrift/libthrift