blob: 211bce153e391ad654fd61885bfc44947d9e70fb [file] [log] [blame]
module: github.com/facebook/fbthrift
package: github.com/facebook/fbthrift/thrift/lib/go/thrift
versions:
- fixed: v0.31.1-0.20190225164308-c461c1bd1a3e
description: |
Skip ignores unknown fields, rather than failing. A malicious user can craft small
messages with unknown fields which can take significant resources to parse. If a
server accepts messages from an untrusted user, it may be used as a denial of service
vector.
cves:
- CVE-2019-3564
symbols:
- Skip
links:
commit: https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156
context:
- https://www.facebook.com/security/advisories/cve-2019-3564