| module: github.com/facebook/fbthrift |
| package: github.com/facebook/fbthrift/thrift/lib/go/thrift |
| versions: |
| - fixed: v0.31.1-0.20190225164308-c461c1bd1a3e |
| description: | |
| Skip ignores unknown fields, rather than failing. A malicious user can craft small |
| messages with unknown fields which can take significant resources to parse. If a |
| server accepts messages from an untrusted user, it may be used as a denial of service |
| vector. |
| cves: |
| - CVE-2019-3564 |
| symbols: |
| - Skip |
| links: |
| commit: https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156 |
| context: |
| - https://www.facebook.com/security/advisories/cve-2019-3564 |