| module = "github.com/facebook/fbthrift" |
| package = "github.com/facebook/fbthrift/thrift/lib/go/thrift" |
| |
| description = """ |
| Skip ignores unknown fields, rather than failing. A malicious user can craft small |
| messages with unknown fields which can take significant resources to parse. If a |
| server accepts messages from an untrusted user, it may be used as a denial of service |
| vector. |
| """ |
| |
| cve = "CVE-2019-3564" |
| |
| symbols = ["Skip"] |
| |
| [[versions]] |
| fixed = "v0.31.1-0.20190225164308-c461c1bd1a3e" |
| |
| [links] |
| commit = "https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156" |
| context = ["https://www.facebook.com/security/advisories/cve-2019-3564"] |