reports/GO-2021-0088.yaml - vulndb - Git at Google

 packages:
   - module: github.com/facebook/fbthrift
     package: github.com/facebook/fbthrift/thrift/lib/go/thrift
     symbols:
       - Skip
     versions:
       - fixed: 0.31.1-0.20190225164308-c461c1bd1a3e
 description: |
     Skip ignores unknown fields, rather than failing. A malicious user can craft small
     messages with unknown fields which can take significant resources to parse. If a
     server accepts messages from an untrusted user, it may be used as a denial of service
     vector.
 published: 2021-04-14T20:04:52Z
 cves:
   - CVE-2019-3564
 ghsas:
   - GHSA-x4rg-4545-4w7w
 links:
     commit: https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156
     context:
       - https://www.facebook.com/security/advisories/cve-2019-3564
	packages:
	- module: github.com/facebook/fbthrift
	package: github.com/facebook/fbthrift/thrift/lib/go/thrift
	symbols:
	- Skip
	versions:
	- fixed: 0.31.1-0.20190225164308-c461c1bd1a3e
	description: \|
	Skip ignores unknown fields, rather than failing. A malicious user can craft small
	messages with unknown fields which can take significant resources to parse. If a
	server accepts messages from an untrusted user, it may be used as a denial of service
	vector.
	published: 2021-04-14T20:04:52Z
	cves:
	- CVE-2019-3564
	ghsas:
	- GHSA-x4rg-4545-4w7w
	links:
	commit: https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156
	context:
	- https://www.facebook.com/security/advisories/cve-2019-3564