reports/GO-2021-0088.toml - vulndb - Git at Google

 module = "github.com/facebook/fbthrift"
 package = "github.com/facebook/fbthrift/thrift/lib/go/thrift"

 description = """
 Skip ignores unknown fields, rather than failing. A malicious user can craft small
 messages with unknown fields which can take significant resources to parse. If a
 server accepts messages from an untrusted user, it may be used as a denial of service
 vector.
 """

 cve = "CVE-2019-3564"

 symbols = ["Skip"]

 [[versions]]
 fixed = "v0.31.1-0.20190225164308-c461c1bd1a3e"

 [links]
 commit = "https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156"
 context = ["https://www.facebook.com/security/advisories/cve-2019-3564"]
	module = "github.com/facebook/fbthrift"
	package = "github.com/facebook/fbthrift/thrift/lib/go/thrift"

	description = """
	Skip ignores unknown fields, rather than failing. A malicious user can craft small
	messages with unknown fields which can take significant resources to parse. If a
	server accepts messages from an untrusted user, it may be used as a denial of service
	vector.
	"""

	cve = "CVE-2019-3564"

	symbols = ["Skip"]

	[[versions]]
	fixed = "v0.31.1-0.20190225164308-c461c1bd1a3e"

	[links]
	commit = "https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156"
	context = ["https://www.facebook.com/security/advisories/cve-2019-3564"]