reports/GO-2021-0088.yaml - vulndb - Git at Google

 module: github.com/facebook/fbthrift
 package: github.com/facebook/fbthrift/thrift/lib/go/thrift
 versions:
   - fixed: v0.31.1-0.20190225164308-c461c1bd1a3e
 description: |
     Skip ignores unknown fields, rather than failing. A malicious user can craft small
     messages with unknown fields which can take significant resources to parse. If a
     server accepts messages from an untrusted user, it may be used as a denial of service
     vector.
 published: 2021-04-14T20:04:52Z
 cves:
   - CVE-2019-3564
 symbols:
   - Skip
 links:
     commit: https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156
     context:
       - https://www.facebook.com/security/advisories/cve-2019-3564
	module: github.com/facebook/fbthrift
	package: github.com/facebook/fbthrift/thrift/lib/go/thrift
	versions:
	- fixed: v0.31.1-0.20190225164308-c461c1bd1a3e
	description: \|
	Skip ignores unknown fields, rather than failing. A malicious user can craft small
	messages with unknown fields which can take significant resources to parse. If a
	server accepts messages from an untrusted user, it may be used as a denial of service
	vector.
	published: 2021-04-14T20:04:52Z
	cves:
	- CVE-2019-3564
	symbols:
	- Skip
	links:
	commit: https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156
	context:
	- https://www.facebook.com/security/advisories/cve-2019-3564