blob: 552daf017a2d738034173e56c0b920cb0853ac23 [file] [log] [blame]
module = "github.com/facebook/fbthrift"
package = "github.com/facebook/fbthrift/thrift/lib/go/thrift"
description = """
Skip ignores unknown fields, rather than failing. A malicious user can craft small
messages with unknown fields which can take significant resources to parse. If a
server accepts messages from an untrusted user, it may be used as a denial of service
vector.
"""
cve = "CVE-2019-3564"
symbols = ["Skip"]
[[versions]]
fixed = "v0.31.1-0.20190225164308-c461c1bd1a3e"
[links]
commit = "https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156"
context = ["https://www.facebook.com/security/advisories/cve-2019-3564"]