gsd-2020-13949
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
Aliases
Aliases
{ GSD: { alias: "CVE-2020-13949", description: "In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.", id: "GSD-2020-13949", references: [ "https://www.suse.com/security/cve/CVE-2020-13949.html", "https://access.redhat.com/errata/RHSA-2021:5134", "https://access.redhat.com/errata/RHSA-2021:2543", "https://advisories.mageia.org/CVE-2020-13949.html", "https://security.archlinux.org/CVE-2020-13949", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2020-13949", ], details: "In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.", id: "GSD-2020-13949", modified: "2023-12-13T01:21:46.721859Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2020-13949", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Thrift", version: { version_data: [ { version_value: "Apache Thrift 0.9.3 to 0.13.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Potential DoS when processing untrusted Thrift payloads", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E", }, { name: "[hbase-issues] 20210215 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r143ca388b0c83fe659db14be76889d50b453b0ee06f423181f736933@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 opened a new pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3a1291a7ab8ee43db87cb0253371489810877028fc6e7c68dc640926@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210215 [jira] [Work started] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r27b7d3d95ffa8498899ef1c9de553d469f8fe857640a3f6e58dba640@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r515e01a30443cfa2dbb355c44c63149869afd684fb7b0344c58fa67b@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r93f23f74315e009f4fb68ef7fc794dceee42cf87fe6613814dcd8c70@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210215 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd78cdd87d84499a404202f015f55935db3658bd0983ecec81e6b18c6@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210215 [GitHub] [hbase] apurtell commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3f3e1d562c528b4bafef2dde51f79dd444a4b68ef24920d68068b6f9@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210215 [GitHub] [hbase] apurtell edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd49d53b146d94a7d3a135f6b505589655ffec24ea470e345d31351bb@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210216 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2d180180f37c2ab5cebd711d080d01d8452efa8ad43c5d9cd7064621@%3Cissues.hbase.apache.org%3E", }, { name: "[thrift-user] 20210217 Apache Thrift 0.14.0 Release not on Maven central", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r89fdd39965efb7c6d22bc21c286d203252cea476e1782724aca0748e@%3Cuser.thrift.apache.org%3E", }, { name: "[thrift-user] 20210224 Re: [SECURITY] CVE-2020-13949 Announcement", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rbc5cad06a46d23253a3c819229efedecfc05f89ef53f5fdde77a86d6@%3Cuser.thrift.apache.org%3E", }, { name: "[hbase-issues] 20210301 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r02f7771863383ae993eb83cdfb70c3cb65a355c913242c850f61f1b8@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210302 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r7ae909438ff5a2ffed9211e6ab0bd926396fd0b1fc33f31a406ee704@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210302 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf603d25213cfff81d6727c259328846b366fd32a43107637527c9768@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210302 [jira] [Updated] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r6990c849aeafe65366794bfd002febd47b7ffa8cf3c059b400bbb11d@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210302 [GitHub] [hbase] Apache9 commented on a change in pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r298a25228868ebc0943d56c8f3641212a0962d2dbcf1507d5860038e@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210302 [GitHub] [hbase] pankaj72981 commented on a change in pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf741d08c7e0ab1542c81ea718467422bd01159ed284796a36ad88311@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210303 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r278e96edc4bc13efb2cb1620a73e48f569162b833c6bda3e6ea18b80@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210308 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r421a9a76811c1aed7637b5fe5376ab14c09ccdd7b70d5211d6e76d1e@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210309 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r1fb2d26b81c64ce96c4fd42b9e6842ff315b02c36518213b6c057350@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210310 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r286e9a13d3ab0550042997219101cb87871834b8d5ec293b0c60f009@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210310 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r117d5d2b08d505b69558a2a31b0a1cf8990cd0385060b147e70e76a9@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210311 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2f6a547f226579f542eb08793631d1f2d47d7aed7e2f9d11a4e6af9f@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210311 [GitHub] [hbase] pankaj72981 opened a new pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r449288f6a941a2585262e0f4454fdefe169d5faee33314f6f89fab30@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210311 [GitHub] [hbase] pankaj72981 closed pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3550b61639688e0efbc253c6c3e6358851c1f053109f1c149330b535@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210311 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r01b34416677f1ba869525e1b891ac66fa6f88c024ee4d7cdea6b456b@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210311 [GitHub] [hbase] Apache-HBase commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r890b8ec5203d70a59a6b1289420d46938d9029ed706aa724978789be@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210312 [GitHub] [hbase] pankaj72981 commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2ed66a3823990306b742b281af1834b9bc85f98259c870b8ffb13d93@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210312 [GitHub] [hbase] Apache-HBase commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r587b4a5bcbc290269df0906bafba074f3fe4e50d4e959212f56fa7ea@%3Cissues.hbase.apache.org%3E", }, { name: "[thrift-user] 20210312 Thrift 0.13 micro for CVE-2020-13949?", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rcdf62ecd36e39e4ff9c61802eee4927ce9ecff1602eed1493977ef4c@%3Cuser.thrift.apache.org%3E", }, { name: "[thrift-user] 20210312 RE: Thrift 0.13 micro for CVE-2020-13949?", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r1504886a550426d3c05772c47b1a6350c3235e51fd1fdffbec43e974@%3Cuser.thrift.apache.org%3E", }, { name: "[hbase-issues] 20210315 [GitHub] [hbase] saintstack commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf65df763f630163a3f620887efec082080555cee1adb0b8eaf2c7ddb@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210315 [GitHub] [hbase] Apache-HBase commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rdc8e0f92d06decaee5db58de4ded16d80016a7db2240a8db17225c49@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210316 [GitHub] [hbase] pankaj72981 commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r191a9279e2863b68e5496ee4ecd8be0d4fe43b324b934f0d1f106e1d@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210316 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0372f0af2dad0b76fbd7a6cfdaad29d50384ad48dda475a5026ff9a3@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210316 [GitHub] [hbase] pankaj72981 merged pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r850522c56c05aa06391546bdb530bb8fc3437f2b77d16e571ae73309@%3Cissues.hbase.apache.org%3E", }, { name: "[thrift-notifications] 20210317 [GitHub] [thrift] cyril867 commented on pull request #2208: THRIFT-5237 Implement MAX_MESSAGE_SIZE and consolidate limits into a TConfiguration class (c_glib)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3f97dbbbb1b2a7324521208bb595392853714e141a37b8f68d395835@%3Cnotifications.thrift.apache.org%3E", }, { name: "[thrift-notifications] 20210317 [GitHub] [thrift] cyril867 edited a comment on pull request #2208: THRIFT-5237 Implement MAX_MESSAGE_SIZE and consolidate limits into a TConfiguration class (c_glib)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3e31ec7e8c39db7553be4f4fd4d27cf27c41f1ba9c985995c4ea9c5a@%3Cnotifications.thrift.apache.org%3E", }, { name: "[hbase-issues] 20210317 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r02ba8db500d15a5949e9a7742815438002ba1cf1b361bdda52ed40ca@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210318 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r8dfbefcd606af6737b62461a45a9af9222040b62eab474ff2287cf75@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210319 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ra7371efd8363c1cd0f5331aafd359a808cf7277472b8616d7b392128@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210319 [jira] [Comment Edited] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r668aed02e287c93403e0b8df16089011ee4a96afc8f479809f1fc07f@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210320 RE: [jira] [Work started] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf568168e7f83871969928c0379813da6d034485f8b20fa73884816d6@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210324 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r18732bb1343894143d68db58fe4c8f56d9cd221b37f1378ed7373372@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 opened a new pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc896ce7761999b088f3adabcb99dde2102b6a66130b8eec6c8265eab@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 opened a new pull request #3084: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.4)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc7a79b08822337c68705f16ee7ddcfd352313b836e78a4b86c7a7e3d@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r1456eab5f3768be69436d5b0a68b483eb316eb85eb3ef6eba156a302@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3084: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.4)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r6c5b7324274fd361b038c5cc316e99344b7ae20beae7163214fac14d@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 opened a new pull request #3085: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.3)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rae95c2234b6644bfd666b2671a1b42a09f38514d0f27cca3c7d5d55a@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 opened a new pull request #3086: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.2)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/race178e9500ab8a5a6112667d27c48559150cadb60f2814bc67c40af@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3085: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.3)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3de0e0c26d4bd00dd28cab27fb44fba11d1c1d20275f7cce71393dd1@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3086: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.2)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r7597683cc8b87a31ec864835225a543dad112d7841bf1f17bf7eb8db@%3Cissues.hbase.apache.org%3E", }, { name: "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new issue #11028: Bump Thrift library version", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rfbb01bb85cdc2022f3b96bdc416dbfcb49a2855b3a340aa88b2e1de9@%3Ccommits.druid.apache.org%3E", }, { name: "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E", }, { name: "[hbase-issues] 20210325 [GitHub] [hbase] pankaj72981 merged pull request #3085: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.3)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rb44ec04e5a9b1f87fef97bb5f054010cbfaa3b8586472a3a38a16fca@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-commits] 20210324 [hbase] branch branch-2.2 updated: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (#3086)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r409e296c890753296c544a74d4de0d4a3ce719207a5878262fa2bd71@%3Ccommits.hbase.apache.org%3E", }, { name: "[hbase-commits] 20210324 [hbase] branch branch-2.4 updated: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (#3084)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rada9d2244a66ede0be29afc5d5f178a209f9988db56b9b845d955741@%3Ccommits.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 merged pull request #3084: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.4)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rb3574bc1036b577b265be510e6b208f0a5d5d84cd7198347dc8482df@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 merged pull request #3086: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.2)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r699c031e6921b0ad0f943848e7ba1d0e88c953619d47908618998f76@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-commits] 20210325 [hbase] branch branch-2.3 updated: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (#3085)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r74eb88b422421c65514c23cb9c2b2216efb9254317ea1b6a264fe6dc@%3Ccommits.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210325 [GitHub] [hbase] pankaj72981 commented on pull request #3085: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.3)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r1dea91f0562e0a960b45b1c5635b2a47b258b77171334276bcf260a7@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210325 [jira] [Updated] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9b51e7c253cb0989b4c03ed9f4e5f0478e427473357209ccc4d08ebf@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210325 [GitHub] [hbase] Apache-HBase commented on pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rad635e16b300cf434280001ee6ecd2ed2c70987bf16eb862bfa86e02@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210325 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ra3f7f06a1759c8e2985ed24ae2f5483393c744c1956d661adc873f2c@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-commits] 20210326 [hbase] branch branch-2 updated: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (#3083)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd370fdb419652c5219409b315a6349b07a7e479bd3f151e9a5671774@%3Ccommits.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210326 [jira] [Updated] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc48ab5455bdece9a4afab53ca0f1e4f742d5baacb241323454a87b4e@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210326 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4fa53eacca2ac38904f38dc226caebb3f2f668b2da887f2fd416f4a7@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210326 [GitHub] [hbase] pankaj72981 merged pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r08a7bd19470ef8950d58cc9d9e7b02bc69c43f56c601989a7729cce5@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210326 [GitHub] [hbase] pankaj72981 commented on pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rdcf00186c34d69826d9c6b1f010136c98b00a586136de0061f7d267e@%3Cissues.hbase.apache.org%3E", }, { name: "[solr-issues] 20210407 [jira] [Created] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ra9f7c755790313e1adb95d29794043fb102029e803daf4212ae18063@%3Cissues.solr.apache.org%3E", }, { name: "[hbase-issues] 20210415 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r13f40151513ff095a44a86556c65597a7e55c00f5e19764a05530266@%3Cissues.hbase.apache.org%3E", }, { name: "[solr-issues] 20210420 [jira] [Commented] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r886b6d9a89b6fa0aafbf0a8f8f14351548d6c6f027886a3646dbd075@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210507 [jira] [Updated] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rb91c32194eb5006f0b0c8bcdbd512c13495a1b277d4d51d45687f036@%3Cissues.solr.apache.org%3E", }, { name: "[hive-dev] 20210510 [jira] [Created] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.0 due", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rcace846f74ea9e2af2f7c30cef0796724aa74089f109c8029b850163@%3Cdev.hive.apache.org%3E", }, { name: "[hive-issues] 20210510 [jira] [Updated] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.0", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r635133a74fa07ef3331cae49a9a088365922266edd58099a6162a5d3@%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20210510 [jira] [Assigned] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.0 due", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r15eed5d21e16a5cce810c1e096ffcffc36cd08c2f78ce2f9b24b4a6a@%3Cissues.hive.apache.org%3E", }, { name: "[druid-commits] 20210513 [GitHub] [druid] clintropolis opened a new pull request #11250: suppress CVE-2020-13949 again for a time", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rbfbb81e7fb5d5009caf25798f02f42a7bd064a316097303ba2f9ed76@%3Ccommits.druid.apache.org%3E", }, { name: "[druid-commits] 20210513 [GitHub] [druid] clintropolis merged pull request #11251: [Backport] suppress CVE-2020-13949 again for a time", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r8897a41f50d4eb19b268bde99328e943ba586f77779efa6de720c39f@%3Ccommits.druid.apache.org%3E", }, { name: "[druid-commits] 20210513 [GitHub] [druid] clintropolis commented on pull request #11251: [Backport] suppress CVE-2020-13949 again for a time", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc7a241e0af086b226ff9ccabc4a243d206f0f887037994bfd8fcaaeb@%3Ccommits.druid.apache.org%3E", }, { name: "[druid-commits] 20210513 [GitHub] [druid] clintropolis merged pull request #11250: suppress CVE-2020-13949 again for a time", refsource: "MLIST", url: "https://lists.apache.org/thread.html/raea1bb8cf2eb39c5e10543f547bdbbdbb563c2ac6377652f161d4e37@%3Ccommits.druid.apache.org%3E", }, { name: "[druid-commits] 20210513 [GitHub] [druid] clintropolis opened a new pull request #11251: [Backport] suppress CVE-2020-13949 again for a time", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r179119bbfb5610499286a84c316f6789c5afbfa5340edec6eb28d027@%3Ccommits.druid.apache.org%3E", }, { name: "[hive-issues] 20210517 [jira] [Updated] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rb51977d392b01434b0b5df5c19b9ad5b6178cfea59e676c14f24c053@%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20210530 [jira] [Work started] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r741364444c3b238ab4a161f67f0d3a8f68acc517a39e6a93aa85d753@%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20210530 [jira] [Updated] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rcae4c66f67e701db44d742156dee1f3e5e4e07ad7ce10c740a76b669@%3Cissues.hive.apache.org%3E", }, { name: "[pulsar-commits] 20210607 [GitHub] [pulsar] lhotari commented on issue #9248: Upgrade Thrift dependency in broker to solve CVE-2019-0210, CVE-2019-0205 and CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r36581cc7047f007dd6aadbdd34e18545ec2c1eb7ccdae6dd47a877a9@%3Ccommits.pulsar.apache.org%3E", }, { name: "[hive-issues] 20210609 [jira] [Work logged] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r950ced188d62320fdb84d9e2c6ba896328194952eff7430c4f55e4b0@%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20210609 [jira] [Resolved] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r62aa6d07b23095d980f348d330ed766560f9a9e940fec051f534ce37@%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20210609 [jira] [Updated] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r12090c81b67d21a814de6cf54428934a5e5613fde222759bbb05e99b@%3Cissues.hive.apache.org%3E", }, { name: "[solr-issues] 20210623 [jira] [Updated] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r20f6f8f8cf07986dc5304baed3bf4d8a1c4cf135ff6fe3640be4d7ec@%3Cissues.solr.apache.org%3E", }, { name: "GLSA-202107-32", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-32", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "[solr-issues] 20210819 [GitHub] [solr] janhoy opened a new pull request #268: SOLR-15324 Upgrade Jaeger dependency from 1.1.0 to 1.6.0", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r869331422580d35b4e65bd74cf3090298c4651bf4f31bfb19ae769da@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210819 [jira] [Commented] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r90b4473950e26607ed77f3d70f120166f6a36a3f80888e4eeabcaf91@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210819 [jira] [Updated] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4d90b6d8de9697beb38814596d3a0d4994fa9aba1f6731a2c648d3ae@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210819 [jira] [Assigned] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd0734d91f16d5b050f0bcff78b4719300042a34fadf5e52d0edf898e@%3Cissues.solr.apache.org%3E", }, { name: "[camel-commits] 20210823 [GitHub] [camel] zhfeng opened a new pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r72c3d1582d50b2ca7dd1ee97e81c847a5cf3458be26d42653c39d7a6@%3Ccommits.camel.apache.org%3E", }, { name: "[camel-commits] 20210823 [GitHub] [camel] zhfeng commented on pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r533a172534ae67f6f17c4d33a1b814d3d5ada9ccd4eb442249f33fa2@%3Ccommits.camel.apache.org%3E", }, { name: "[camel-commits] 20210823 [GitHub] [camel] zhfeng merged pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf75979ae0ffd526f3afa935a8f0ee13c82808ea8b2bc0325eb9dcd90@%3Ccommits.camel.apache.org%3E", }, { name: "[camel-commits] 20210823 [camel] branch main updated: CAMEL-16880: camel-thrift - Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949 (#5976)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r17cca685ad53bc8300ee7fcfe874cb784a222343f217dd076e7dc1b6@%3Ccommits.camel.apache.org%3E", }, { name: "[camel-commits] 20210824 [GitHub] [camel] oscerd commented on pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r812915ecfa541ad2ca65c68a97b2c014dc87141dfaefc4de85049681@%3Ccommits.camel.apache.org%3E", }, { name: "[camel-commits] 20210824 [GitHub] [camel] zhfeng commented on pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r196409cc4df929d540a2e66169104f2b3b258d8bd96b5f083c59ee51@%3Ccommits.camel.apache.org%3E", }, { name: "[solr-issues] 20210825 [jira] [Commented] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9ec75f690dd60fec8621ba992290962705d5b7f0d8fd0a42fab0ac9f@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210825 [jira] [Resolved] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r1084a911dff90b2733b442ee0f5929d19b168035d447f2d25f534fe4@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210825 [jira] [Updated] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r6ba4f0817f98bf7c1cb314301cb7a24ba11a0b3e7a5be8b0ae3190b0@%3Cissues.solr.apache.org%3E", }, { name: "[thrift-user] 20210927 Analysis and guidelines concerning CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r6ae3c68b0bfe430fb32f24236475276b6302bed625b23f53b68748b5@%3Cuser.thrift.apache.org%3E", }, { name: "[thrift-user] 20211004 Re: Analysis and guidelines concerning CVE-2020-13949", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r995b945cc8f6ec976d8c52d42ba931a688b45fb32cbdde715b6a816a@%3Cuser.thrift.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, ], }, }, "gitlab.com": { advisories: [ { affected_range: ">=0.9.3 <=0.13.0", affected_versions: "All versions starting from 0.9.3 up to 0.13.0", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:N/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", cwe_ids: [ "CWE-1035", "CWE-400", "CWE-937", ], date: "2021-03-04", description: "In Apache Thrift, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.", fixed_versions: [], identifier: "CVE-2020-13949", identifiers: [ "CVE-2020-13949", ], not_impacted: "", package_slug: "conan/thrift", pubdate: "2021-02-12", solution: "Unfortunately, there is no solution available yet.", title: "Uncontrolled Resource Consumption", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-13949", ], uuid: "07f66fcd-a721-4399-b0ae-2454fc480029", }, { affected_range: ">=v0.9.3 <=v0.13.0", affected_versions: "All versions starting from 0.9.3 up to 0.13.0", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:N/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", cwe_ids: [ "CWE-1035", "CWE-400", "CWE-937", ], date: "2021-03-04", description: "In Apache Thrift to, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.", fixed_versions: [ "v0.14.0", ], identifier: "CVE-2020-13949", identifiers: [ "CVE-2020-13949", ], not_impacted: "All versions before 0.9.3, all versions after 0.13.0", package_slug: "go/github.com/apache/thrift/lib/go/thrift", pubdate: "2021-02-12", solution: "Upgrade to version 0.14.0 or above.", title: "Uncontrolled Resource Consumption", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-13949", ], uuid: "22fb5cb6-3f1c-4e8a-b68e-66fca83cace0", versions: [ { commit: { sha: "ef5bdf0a1d11e86dbaa377a61f6a2d492578408c", tags: [ "0.9.3", ], timestamp: "20151001171628", }, number: "v0.9.3", }, { commit: { sha: "b0c0a3be3e395315c12de04af686c6c857614d59", tags: [ "v0.13.0", ], timestamp: "20191011170555", }, number: "v0.13.0", }, { commit: { sha: "8411e189b0af09e5baad34031555870cf692c1ad", tags: [ "v0.14.0", ], timestamp: "20210204231359", }, number: "v0.14.0", }, ], }, { affected_range: "[0.9.3,0.13.0]", affected_versions: "All versions starting from 0.9.3 up to 0.13.0", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:N/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", cwe_ids: [ "CWE-1035", "CWE-400", "CWE-937", ], date: "2021-10-04", description: "In Apache Thrift, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.", fixed_versions: [ "0.14.0", ], identifier: "CVE-2020-13949", identifiers: [ "CVE-2020-13949", ], not_impacted: "All versions before 0.9.3, all versions after 0.13.0", package_slug: "maven/org.apache.thrift/libthrift", pubdate: "2021-02-12", solution: "Upgrade to version 0.14.0 or above.", title: "Uncontrolled Resource Consumption", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-13949", ], uuid: "c52f84f5-fed2-457c-803f-45515da00cc8", }, { affected_range: "<0", affected_versions: "None", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:N/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", cwe_ids: [ "CWE-1035", "CWE-400", "CWE-937", ], date: "2021-03-04", description: "This advisory has been marked as a false positive.", fixed_versions: [], identifier: "CVE-2020-13949", identifiers: [ "CVE-2020-13949", ], not_impacted: "", package_slug: "npm/thrift", pubdate: "2021-02-12", solution: "Nothing to be done", title: "Uncontrolled Resource Consumption", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-13949", ], uuid: "1a3aaa06-6c39-4a04-bf46-ab77c9c85c68", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apache:hive:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:thrift:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "0.13.0", versionStartIncluding: "0.9.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2020-13949", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-400", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E", refsource: "MISC", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E", }, { name: "[hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 opened a new pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r3a1291a7ab8ee43db87cb0253371489810877028fc6e7c68dc640926@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210215 [jira] [Work started] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r27b7d3d95ffa8498899ef1c9de553d469f8fe857640a3f6e58dba640@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210215 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r143ca388b0c83fe659db14be76889d50b453b0ee06f423181f736933@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r515e01a30443cfa2dbb355c44c63149869afd684fb7b0344c58fa67b@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r93f23f74315e009f4fb68ef7fc794dceee42cf87fe6613814dcd8c70@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210215 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rd78cdd87d84499a404202f015f55935db3658bd0983ecec81e6b18c6@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210215 [GitHub] [hbase] apurtell edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rd49d53b146d94a7d3a135f6b505589655ffec24ea470e345d31351bb@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210215 [GitHub] [hbase] apurtell commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r3f3e1d562c528b4bafef2dde51f79dd444a4b68ef24920d68068b6f9@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210216 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r2d180180f37c2ab5cebd711d080d01d8452efa8ad43c5d9cd7064621@%3Cissues.hbase.apache.org%3E", }, { name: "[thrift-user] 20210217 Apache Thrift 0.14.0 Release not on Maven central", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r89fdd39965efb7c6d22bc21c286d203252cea476e1782724aca0748e@%3Cuser.thrift.apache.org%3E", }, { name: "[thrift-user] 20210224 Re: [SECURITY] CVE-2020-13949 Announcement", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rbc5cad06a46d23253a3c819229efedecfc05f89ef53f5fdde77a86d6@%3Cuser.thrift.apache.org%3E", }, { name: "[hbase-issues] 20210301 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Exploit", "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r02f7771863383ae993eb83cdfb70c3cb65a355c913242c850f61f1b8@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210302 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Exploit", "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r7ae909438ff5a2ffed9211e6ab0bd926396fd0b1fc33f31a406ee704@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210302 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rf603d25213cfff81d6727c259328846b366fd32a43107637527c9768@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210302 [jira] [Updated] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r6990c849aeafe65366794bfd002febd47b7ffa8cf3c059b400bbb11d@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210302 [GitHub] [hbase] Apache9 commented on a change in pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r298a25228868ebc0943d56c8f3641212a0962d2dbcf1507d5860038e@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210302 [GitHub] [hbase] pankaj72981 commented on a change in pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rf741d08c7e0ab1542c81ea718467422bd01159ed284796a36ad88311@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210303 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r278e96edc4bc13efb2cb1620a73e48f569162b833c6bda3e6ea18b80@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210308 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r421a9a76811c1aed7637b5fe5376ab14c09ccdd7b70d5211d6e76d1e@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210309 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r1fb2d26b81c64ce96c4fd42b9e6842ff315b02c36518213b6c057350@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210310 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r286e9a13d3ab0550042997219101cb87871834b8d5ec293b0c60f009@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210310 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r117d5d2b08d505b69558a2a31b0a1cf8990cd0385060b147e70e76a9@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210311 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r2f6a547f226579f542eb08793631d1f2d47d7aed7e2f9d11a4e6af9f@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210311 [GitHub] [hbase] pankaj72981 opened a new pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r449288f6a941a2585262e0f4454fdefe169d5faee33314f6f89fab30@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210311 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r01b34416677f1ba869525e1b891ac66fa6f88c024ee4d7cdea6b456b@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210311 [GitHub] [hbase] pankaj72981 closed pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r3550b61639688e0efbc253c6c3e6358851c1f053109f1c149330b535@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210311 [GitHub] [hbase] Apache-HBase commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r890b8ec5203d70a59a6b1289420d46938d9029ed706aa724978789be@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210312 [GitHub] [hbase] pankaj72981 commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r2ed66a3823990306b742b281af1834b9bc85f98259c870b8ffb13d93@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210312 [GitHub] [hbase] Apache-HBase commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r587b4a5bcbc290269df0906bafba074f3fe4e50d4e959212f56fa7ea@%3Cissues.hbase.apache.org%3E", }, { name: "[thrift-user] 20210312 Thrift 0.13 micro for CVE-2020-13949?", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rcdf62ecd36e39e4ff9c61802eee4927ce9ecff1602eed1493977ef4c@%3Cuser.thrift.apache.org%3E", }, { name: "[thrift-user] 20210312 RE: Thrift 0.13 micro for CVE-2020-13949?", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r1504886a550426d3c05772c47b1a6350c3235e51fd1fdffbec43e974@%3Cuser.thrift.apache.org%3E", }, { name: "[hbase-issues] 20210315 [GitHub] [hbase] saintstack commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rf65df763f630163a3f620887efec082080555cee1adb0b8eaf2c7ddb@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210315 [GitHub] [hbase] Apache-HBase commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rdc8e0f92d06decaee5db58de4ded16d80016a7db2240a8db17225c49@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210316 [GitHub] [hbase] pankaj72981 commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r191a9279e2863b68e5496ee4ecd8be0d4fe43b324b934f0d1f106e1d@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210316 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r0372f0af2dad0b76fbd7a6cfdaad29d50384ad48dda475a5026ff9a3@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210316 [GitHub] [hbase] pankaj72981 merged pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r850522c56c05aa06391546bdb530bb8fc3437f2b77d16e571ae73309@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210317 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r02ba8db500d15a5949e9a7742815438002ba1cf1b361bdda52ed40ca@%3Cissues.hbase.apache.org%3E", }, { name: "[thrift-notifications] 20210317 [GitHub] [thrift] cyril867 edited a comment on pull request #2208: THRIFT-5237 Implement MAX_MESSAGE_SIZE and consolidate limits into a TConfiguration class (c_glib)", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r3e31ec7e8c39db7553be4f4fd4d27cf27c41f1ba9c985995c4ea9c5a@%3Cnotifications.thrift.apache.org%3E", }, { name: "[thrift-notifications] 20210317 [GitHub] [thrift] cyril867 commented on pull request #2208: THRIFT-5237 Implement MAX_MESSAGE_SIZE and consolidate limits into a TConfiguration class (c_glib)", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r3f97dbbbb1b2a7324521208bb595392853714e141a37b8f68d395835@%3Cnotifications.thrift.apache.org%3E", }, { name: "[hbase-issues] 20210318 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r8dfbefcd606af6737b62461a45a9af9222040b62eab474ff2287cf75@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210319 [jira] [Comment Edited] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r668aed02e287c93403e0b8df16089011ee4a96afc8f479809f1fc07f@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210319 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/ra7371efd8363c1cd0f5331aafd359a808cf7277472b8616d7b392128@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210320 RE: [jira] [Work started] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rf568168e7f83871969928c0379813da6d034485f8b20fa73884816d6@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210324 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r18732bb1343894143d68db58fe4c8f56d9cd221b37f1378ed7373372@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 opened a new pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rc896ce7761999b088f3adabcb99dde2102b6a66130b8eec6c8265eab@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 opened a new pull request #3084: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.4)", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rc7a79b08822337c68705f16ee7ddcfd352313b836e78a4b86c7a7e3d@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3084: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.4)", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r6c5b7324274fd361b038c5cc316e99344b7ae20beae7163214fac14d@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 opened a new pull request #3085: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.3)", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rae95c2234b6644bfd666b2671a1b42a09f38514d0f27cca3c7d5d55a@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 opened a new pull request #3086: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.2)", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/race178e9500ab8a5a6112667d27c48559150cadb60f2814bc67c40af@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2)", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r1456eab5f3768be69436d5b0a68b483eb316eb85eb3ef6eba156a302@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3085: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.3)", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r3de0e0c26d4bd00dd28cab27fb44fba11d1c1d20275f7cce71393dd1@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3086: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.2)", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r7597683cc8b87a31ec864835225a543dad112d7841bf1f17bf7eb8db@%3Cissues.hbase.apache.org%3E", }, { name: "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new issue #11028: Bump Thrift library version", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rfbb01bb85cdc2022f3b96bdc416dbfcb49a2855b3a340aa88b2e1de9@%3Ccommits.druid.apache.org%3E", }, { name: "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E", }, { name: "[hbase-issues] 20210325 [jira] [Updated] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r9b51e7c253cb0989b4c03ed9f4e5f0478e427473357209ccc4d08ebf@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210325 [GitHub] [hbase] pankaj72981 commented on pull request #3085: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.3)", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r1dea91f0562e0a960b45b1c5635b2a47b258b77171334276bcf260a7@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 merged pull request #3084: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.4)", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rb3574bc1036b577b265be510e6b208f0a5d5d84cd7198347dc8482df@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-commits] 20210324 [hbase] branch branch-2.2 updated: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (#3086)", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r409e296c890753296c544a74d4de0d4a3ce719207a5878262fa2bd71@%3Ccommits.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210325 [GitHub] [hbase] pankaj72981 merged pull request #3085: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.3)", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rb44ec04e5a9b1f87fef97bb5f054010cbfaa3b8586472a3a38a16fca@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 merged pull request #3086: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.2)", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r699c031e6921b0ad0f943848e7ba1d0e88c953619d47908618998f76@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-commits] 20210325 [hbase] branch branch-2.3 updated: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (#3085)", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r74eb88b422421c65514c23cb9c2b2216efb9254317ea1b6a264fe6dc@%3Ccommits.hbase.apache.org%3E", }, { name: "[hbase-commits] 20210324 [hbase] branch branch-2.4 updated: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (#3084)", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rada9d2244a66ede0be29afc5d5f178a209f9988db56b9b845d955741@%3Ccommits.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210325 [GitHub] [hbase] Apache-HBase commented on pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2)", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rad635e16b300cf434280001ee6ecd2ed2c70987bf16eb862bfa86e02@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210325 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/ra3f7f06a1759c8e2985ed24ae2f5483393c744c1956d661adc873f2c@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-commits] 20210326 [hbase] branch branch-2 updated: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (#3083)", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rd370fdb419652c5219409b315a6349b07a7e479bd3f151e9a5671774@%3Ccommits.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210326 [jira] [Updated] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rc48ab5455bdece9a4afab53ca0f1e4f742d5baacb241323454a87b4e@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210326 [GitHub] [hbase] pankaj72981 merged pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2)", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r08a7bd19470ef8950d58cc9d9e7b02bc69c43f56c601989a7729cce5@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210326 [GitHub] [hbase] pankaj72981 commented on pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2)", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rdcf00186c34d69826d9c6b1f010136c98b00a586136de0061f7d267e@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210326 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r4fa53eacca2ac38904f38dc226caebb3f2f668b2da887f2fd416f4a7@%3Cissues.hbase.apache.org%3E", }, { name: "[solr-issues] 20210407 [jira] [Created] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/ra9f7c755790313e1adb95d29794043fb102029e803daf4212ae18063@%3Cissues.solr.apache.org%3E", }, { name: "[hbase-issues] 20210415 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r13f40151513ff095a44a86556c65597a7e55c00f5e19764a05530266@%3Cissues.hbase.apache.org%3E", }, { name: "[solr-issues] 20210420 [jira] [Commented] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r886b6d9a89b6fa0aafbf0a8f8f14351548d6c6f027886a3646dbd075@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210507 [jira] [Updated] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rb91c32194eb5006f0b0c8bcdbd512c13495a1b277d4d51d45687f036@%3Cissues.solr.apache.org%3E", }, { name: "[hive-issues] 20210510 [jira] [Assigned] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.0 due", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r15eed5d21e16a5cce810c1e096ffcffc36cd08c2f78ce2f9b24b4a6a@%3Cissues.hive.apache.org%3E", }, { name: "[hive-dev] 20210510 [jira] [Created] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.0 due", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rcace846f74ea9e2af2f7c30cef0796724aa74089f109c8029b850163@%3Cdev.hive.apache.org%3E", }, { name: "[hive-issues] 20210510 [jira] [Updated] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.0", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r635133a74fa07ef3331cae49a9a088365922266edd58099a6162a5d3@%3Cissues.hive.apache.org%3E", }, { name: "[druid-commits] 20210513 [GitHub] [druid] clintropolis opened a new pull request #11250: suppress CVE-2020-13949 again for a time", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rbfbb81e7fb5d5009caf25798f02f42a7bd064a316097303ba2f9ed76@%3Ccommits.druid.apache.org%3E", }, { name: "[druid-commits] 20210513 [GitHub] [druid] clintropolis merged pull request #11250: suppress CVE-2020-13949 again for a time", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/raea1bb8cf2eb39c5e10543f547bdbbdbb563c2ac6377652f161d4e37@%3Ccommits.druid.apache.org%3E", }, { name: "[druid-commits] 20210513 [GitHub] [druid] clintropolis merged pull request #11251: [Backport] suppress CVE-2020-13949 again for a time", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r8897a41f50d4eb19b268bde99328e943ba586f77779efa6de720c39f@%3Ccommits.druid.apache.org%3E", }, { name: "[druid-commits] 20210513 [GitHub] [druid] clintropolis opened a new pull request #11251: [Backport] suppress CVE-2020-13949 again for a time", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r179119bbfb5610499286a84c316f6789c5afbfa5340edec6eb28d027@%3Ccommits.druid.apache.org%3E", }, { name: "[druid-commits] 20210513 [GitHub] [druid] clintropolis commented on pull request #11251: [Backport] suppress CVE-2020-13949 again for a time", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rc7a241e0af086b226ff9ccabc4a243d206f0f887037994bfd8fcaaeb@%3Ccommits.druid.apache.org%3E", }, { name: "[hive-issues] 20210517 [jira] [Updated] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rb51977d392b01434b0b5df5c19b9ad5b6178cfea59e676c14f24c053@%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20210530 [jira] [Updated] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rcae4c66f67e701db44d742156dee1f3e5e4e07ad7ce10c740a76b669@%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20210530 [jira] [Work started] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r741364444c3b238ab4a161f67f0d3a8f68acc517a39e6a93aa85d753@%3Cissues.hive.apache.org%3E", }, { name: "[pulsar-commits] 20210607 [GitHub] [pulsar] lhotari commented on issue #9248: Upgrade Thrift dependency in broker to solve CVE-2019-0210, CVE-2019-0205 and CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r36581cc7047f007dd6aadbdd34e18545ec2c1eb7ccdae6dd47a877a9@%3Ccommits.pulsar.apache.org%3E", }, { name: "[hive-issues] 20210609 [jira] [Work logged] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r950ced188d62320fdb84d9e2c6ba896328194952eff7430c4f55e4b0@%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20210609 [jira] [Resolved] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r62aa6d07b23095d980f348d330ed766560f9a9e940fec051f534ce37@%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20210609 [jira] [Updated] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r12090c81b67d21a814de6cf54428934a5e5613fde222759bbb05e99b@%3Cissues.hive.apache.org%3E", }, { name: "[solr-issues] 20210623 [jira] [Updated] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r20f6f8f8cf07986dc5304baed3bf4d8a1c4cf135ff6fe3640be4d7ec@%3Cissues.solr.apache.org%3E", }, { name: "GLSA-202107-32", refsource: "GENTOO", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-32", }, { name: "N/A", refsource: "N/A", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "[solr-issues] 20210819 [jira] [Updated] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r4d90b6d8de9697beb38814596d3a0d4994fa9aba1f6731a2c648d3ae@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210819 [GitHub] [solr] janhoy opened a new pull request #268: SOLR-15324 Upgrade Jaeger dependency from 1.1.0 to 1.6.0", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r869331422580d35b4e65bd74cf3090298c4651bf4f31bfb19ae769da@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210819 [jira] [Commented] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r90b4473950e26607ed77f3d70f120166f6a36a3f80888e4eeabcaf91@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210819 [jira] [Assigned] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rd0734d91f16d5b050f0bcff78b4719300042a34fadf5e52d0edf898e@%3Cissues.solr.apache.org%3E", }, { name: "[camel-commits] 20210823 [GitHub] [camel] zhfeng commented on pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r533a172534ae67f6f17c4d33a1b814d3d5ada9ccd4eb442249f33fa2@%3Ccommits.camel.apache.org%3E", }, { name: "[camel-commits] 20210823 [GitHub] [camel] zhfeng opened a new pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r72c3d1582d50b2ca7dd1ee97e81c847a5cf3458be26d42653c39d7a6@%3Ccommits.camel.apache.org%3E", }, { name: "[camel-commits] 20210823 [GitHub] [camel] zhfeng merged pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rf75979ae0ffd526f3afa935a8f0ee13c82808ea8b2bc0325eb9dcd90@%3Ccommits.camel.apache.org%3E", }, { name: "[camel-commits] 20210823 [camel] branch main updated: CAMEL-16880: camel-thrift - Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949 (#5976)", refsource: "MLIST", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r17cca685ad53bc8300ee7fcfe874cb784a222343f217dd076e7dc1b6@%3Ccommits.camel.apache.org%3E", }, { name: "[camel-commits] 20210824 [GitHub] [camel] oscerd commented on pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949", refsource: "MLIST", tags: [ "Exploit", "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r812915ecfa541ad2ca65c68a97b2c014dc87141dfaefc4de85049681@%3Ccommits.camel.apache.org%3E", }, { name: "[camel-commits] 20210824 [GitHub] [camel] zhfeng commented on pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r196409cc4df929d540a2e66169104f2b3b258d8bd96b5f083c59ee51@%3Ccommits.camel.apache.org%3E", }, { name: "[solr-issues] 20210825 [jira] [Resolved] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r1084a911dff90b2733b442ee0f5929d19b168035d447f2d25f534fe4@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210825 [jira] [Updated] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r6ba4f0817f98bf7c1cb314301cb7a24ba11a0b3e7a5be8b0ae3190b0@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210825 [jira] [Commented] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r9ec75f690dd60fec8621ba992290962705d5b7f0d8fd0a42fab0ac9f@%3Cissues.solr.apache.org%3E", }, { name: "[thrift-user] 20210927 Analysis and guidelines concerning CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r6ae3c68b0bfe430fb32f24236475276b6302bed625b23f53b68748b5@%3Cuser.thrift.apache.org%3E", }, { name: "[thrift-user] 20211004 Re: Analysis and guidelines concerning CVE-2020-13949", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r995b945cc8f6ec976d8c52d42ba931a688b45fb32cbdde715b6a816a@%3Cuser.thrift.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, }, }, lastModifiedDate: "2022-04-04T13:32Z", publishedDate: "2021-02-12T20:15Z", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.