blob: f3d774921be411e1c8e3b5e6cdf37bf9b3adb1ce [file] [log] [blame]
module: github.com/facebook/fbthrift
package: github.com/facebook/fbthrift/thrift/lib/go/thrift
versions:
- fixed: v0.31.1-0.20190225164308-c461c1bd1a3e
description: |
Skip ignores unknown fields, rather than failing. A malicious user can craft small
messages with unknown fields which can take significant resources to parse. If a
server accepts messages from an untrusted user, it may be used as a denial of service
vector.
published: 2021-04-14T12:00:00Z
cve: CVE-2019-3564
symbols:
- Skip
links:
commit: https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156
context:
- https://www.facebook.com/security/advisories/cve-2019-3564