gsd-2020-13949
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-13949",
"description": "In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.",
"id": "GSD-2020-13949",
"references": [
"https://www.suse.com/security/cve/CVE-2020-13949.html",
"https://access.redhat.com/errata/RHSA-2021:5134",
"https://access.redhat.com/errata/RHSA-2021:2543",
"https://advisories.mageia.org/CVE-2020-13949.html",
"https://security.archlinux.org/CVE-2020-13949"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-13949"
],
"details": "In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.",
"id": "GSD-2020-13949",
"modified": "2023-12-13T01:21:46.721859Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-13949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Thrift",
"version": {
"version_data": [
{
"version_value": "Apache Thrift 0.9.3 to 0.13.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Potential DoS when processing untrusted Thrift payloads"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E"
},
{
"name": "[hbase-issues] 20210215 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r143ca388b0c83fe659db14be76889d50b453b0ee06f423181f736933@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 opened a new pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3a1291a7ab8ee43db87cb0253371489810877028fc6e7c68dc640926@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210215 [jira] [Work started] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r27b7d3d95ffa8498899ef1c9de553d469f8fe857640a3f6e58dba640@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r515e01a30443cfa2dbb355c44c63149869afd684fb7b0344c58fa67b@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r93f23f74315e009f4fb68ef7fc794dceee42cf87fe6613814dcd8c70@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210215 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd78cdd87d84499a404202f015f55935db3658bd0983ecec81e6b18c6@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210215 [GitHub] [hbase] apurtell commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3f3e1d562c528b4bafef2dde51f79dd444a4b68ef24920d68068b6f9@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210215 [GitHub] [hbase] apurtell edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd49d53b146d94a7d3a135f6b505589655ffec24ea470e345d31351bb@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210216 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2d180180f37c2ab5cebd711d080d01d8452efa8ad43c5d9cd7064621@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[thrift-user] 20210217 Apache Thrift 0.14.0 Release not on Maven central",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r89fdd39965efb7c6d22bc21c286d203252cea476e1782724aca0748e@%3Cuser.thrift.apache.org%3E"
},
{
"name": "[thrift-user] 20210224 Re: [SECURITY] CVE-2020-13949 Announcement",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbc5cad06a46d23253a3c819229efedecfc05f89ef53f5fdde77a86d6@%3Cuser.thrift.apache.org%3E"
},
{
"name": "[hbase-issues] 20210301 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r02f7771863383ae993eb83cdfb70c3cb65a355c913242c850f61f1b8@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210302 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7ae909438ff5a2ffed9211e6ab0bd926396fd0b1fc33f31a406ee704@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210302 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf603d25213cfff81d6727c259328846b366fd32a43107637527c9768@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210302 [jira] [Updated] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6990c849aeafe65366794bfd002febd47b7ffa8cf3c059b400bbb11d@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210302 [GitHub] [hbase] Apache9 commented on a change in pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r298a25228868ebc0943d56c8f3641212a0962d2dbcf1507d5860038e@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210302 [GitHub] [hbase] pankaj72981 commented on a change in pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf741d08c7e0ab1542c81ea718467422bd01159ed284796a36ad88311@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210303 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r278e96edc4bc13efb2cb1620a73e48f569162b833c6bda3e6ea18b80@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210308 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r421a9a76811c1aed7637b5fe5376ab14c09ccdd7b70d5211d6e76d1e@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210309 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1fb2d26b81c64ce96c4fd42b9e6842ff315b02c36518213b6c057350@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210310 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r286e9a13d3ab0550042997219101cb87871834b8d5ec293b0c60f009@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210310 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r117d5d2b08d505b69558a2a31b0a1cf8990cd0385060b147e70e76a9@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210311 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2f6a547f226579f542eb08793631d1f2d47d7aed7e2f9d11a4e6af9f@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210311 [GitHub] [hbase] pankaj72981 opened a new pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r449288f6a941a2585262e0f4454fdefe169d5faee33314f6f89fab30@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210311 [GitHub] [hbase] pankaj72981 closed pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3550b61639688e0efbc253c6c3e6358851c1f053109f1c149330b535@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210311 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r01b34416677f1ba869525e1b891ac66fa6f88c024ee4d7cdea6b456b@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210311 [GitHub] [hbase] Apache-HBase commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r890b8ec5203d70a59a6b1289420d46938d9029ed706aa724978789be@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210312 [GitHub] [hbase] pankaj72981 commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2ed66a3823990306b742b281af1834b9bc85f98259c870b8ffb13d93@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210312 [GitHub] [hbase] Apache-HBase commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r587b4a5bcbc290269df0906bafba074f3fe4e50d4e959212f56fa7ea@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[thrift-user] 20210312 Thrift 0.13 micro for CVE-2020-13949?",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcdf62ecd36e39e4ff9c61802eee4927ce9ecff1602eed1493977ef4c@%3Cuser.thrift.apache.org%3E"
},
{
"name": "[thrift-user] 20210312 RE: Thrift 0.13 micro for CVE-2020-13949?",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1504886a550426d3c05772c47b1a6350c3235e51fd1fdffbec43e974@%3Cuser.thrift.apache.org%3E"
},
{
"name": "[hbase-issues] 20210315 [GitHub] [hbase] saintstack commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf65df763f630163a3f620887efec082080555cee1adb0b8eaf2c7ddb@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210315 [GitHub] [hbase] Apache-HBase commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdc8e0f92d06decaee5db58de4ded16d80016a7db2240a8db17225c49@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210316 [GitHub] [hbase] pankaj72981 commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r191a9279e2863b68e5496ee4ecd8be0d4fe43b324b934f0d1f106e1d@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210316 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0372f0af2dad0b76fbd7a6cfdaad29d50384ad48dda475a5026ff9a3@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210316 [GitHub] [hbase] pankaj72981 merged pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r850522c56c05aa06391546bdb530bb8fc3437f2b77d16e571ae73309@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[thrift-notifications] 20210317 [GitHub] [thrift] cyril867 commented on pull request #2208: THRIFT-5237 Implement MAX_MESSAGE_SIZE and consolidate limits into a TConfiguration class (c_glib)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3f97dbbbb1b2a7324521208bb595392853714e141a37b8f68d395835@%3Cnotifications.thrift.apache.org%3E"
},
{
"name": "[thrift-notifications] 20210317 [GitHub] [thrift] cyril867 edited a comment on pull request #2208: THRIFT-5237 Implement MAX_MESSAGE_SIZE and consolidate limits into a TConfiguration class (c_glib)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3e31ec7e8c39db7553be4f4fd4d27cf27c41f1ba9c985995c4ea9c5a@%3Cnotifications.thrift.apache.org%3E"
},
{
"name": "[hbase-issues] 20210317 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r02ba8db500d15a5949e9a7742815438002ba1cf1b361bdda52ed40ca@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210318 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8dfbefcd606af6737b62461a45a9af9222040b62eab474ff2287cf75@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210319 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra7371efd8363c1cd0f5331aafd359a808cf7277472b8616d7b392128@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210319 [jira] [Comment Edited] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r668aed02e287c93403e0b8df16089011ee4a96afc8f479809f1fc07f@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210320 RE: [jira] [Work started] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf568168e7f83871969928c0379813da6d034485f8b20fa73884816d6@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210324 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r18732bb1343894143d68db58fe4c8f56d9cd221b37f1378ed7373372@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 opened a new pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc896ce7761999b088f3adabcb99dde2102b6a66130b8eec6c8265eab@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 opened a new pull request #3084: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.4)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc7a79b08822337c68705f16ee7ddcfd352313b836e78a4b86c7a7e3d@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1456eab5f3768be69436d5b0a68b483eb316eb85eb3ef6eba156a302@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3084: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.4)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6c5b7324274fd361b038c5cc316e99344b7ae20beae7163214fac14d@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 opened a new pull request #3085: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.3)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rae95c2234b6644bfd666b2671a1b42a09f38514d0f27cca3c7d5d55a@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 opened a new pull request #3086: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.2)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/race178e9500ab8a5a6112667d27c48559150cadb60f2814bc67c40af@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3085: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.3)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3de0e0c26d4bd00dd28cab27fb44fba11d1c1d20275f7cce71393dd1@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3086: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.2)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7597683cc8b87a31ec864835225a543dad112d7841bf1f17bf7eb8db@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new issue #11028: Bump Thrift library version",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfbb01bb85cdc2022f3b96bdc416dbfcb49a2855b3a340aa88b2e1de9@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[hbase-issues] 20210325 [GitHub] [hbase] pankaj72981 merged pull request #3085: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.3)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb44ec04e5a9b1f87fef97bb5f054010cbfaa3b8586472a3a38a16fca@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-commits] 20210324 [hbase] branch branch-2.2 updated: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (#3086)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r409e296c890753296c544a74d4de0d4a3ce719207a5878262fa2bd71@%3Ccommits.hbase.apache.org%3E"
},
{
"name": "[hbase-commits] 20210324 [hbase] branch branch-2.4 updated: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (#3084)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rada9d2244a66ede0be29afc5d5f178a209f9988db56b9b845d955741@%3Ccommits.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 merged pull request #3084: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.4)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb3574bc1036b577b265be510e6b208f0a5d5d84cd7198347dc8482df@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 merged pull request #3086: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.2)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r699c031e6921b0ad0f943848e7ba1d0e88c953619d47908618998f76@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-commits] 20210325 [hbase] branch branch-2.3 updated: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (#3085)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r74eb88b422421c65514c23cb9c2b2216efb9254317ea1b6a264fe6dc@%3Ccommits.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210325 [GitHub] [hbase] pankaj72981 commented on pull request #3085: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.3)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1dea91f0562e0a960b45b1c5635b2a47b258b77171334276bcf260a7@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210325 [jira] [Updated] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9b51e7c253cb0989b4c03ed9f4e5f0478e427473357209ccc4d08ebf@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210325 [GitHub] [hbase] Apache-HBase commented on pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rad635e16b300cf434280001ee6ecd2ed2c70987bf16eb862bfa86e02@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210325 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra3f7f06a1759c8e2985ed24ae2f5483393c744c1956d661adc873f2c@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-commits] 20210326 [hbase] branch branch-2 updated: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (#3083)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd370fdb419652c5219409b315a6349b07a7e479bd3f151e9a5671774@%3Ccommits.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210326 [jira] [Updated] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc48ab5455bdece9a4afab53ca0f1e4f742d5baacb241323454a87b4e@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210326 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4fa53eacca2ac38904f38dc226caebb3f2f668b2da887f2fd416f4a7@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210326 [GitHub] [hbase] pankaj72981 merged pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r08a7bd19470ef8950d58cc9d9e7b02bc69c43f56c601989a7729cce5@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210326 [GitHub] [hbase] pankaj72981 commented on pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdcf00186c34d69826d9c6b1f010136c98b00a586136de0061f7d267e@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[solr-issues] 20210407 [jira] [Created] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra9f7c755790313e1adb95d29794043fb102029e803daf4212ae18063@%3Cissues.solr.apache.org%3E"
},
{
"name": "[hbase-issues] 20210415 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r13f40151513ff095a44a86556c65597a7e55c00f5e19764a05530266@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[solr-issues] 20210420 [jira] [Commented] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r886b6d9a89b6fa0aafbf0a8f8f14351548d6c6f027886a3646dbd075@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210507 [jira] [Updated] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb91c32194eb5006f0b0c8bcdbd512c13495a1b277d4d51d45687f036@%3Cissues.solr.apache.org%3E"
},
{
"name": "[hive-dev] 20210510 [jira] [Created] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.0 due",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcace846f74ea9e2af2f7c30cef0796724aa74089f109c8029b850163@%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210510 [jira] [Updated] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r635133a74fa07ef3331cae49a9a088365922266edd58099a6162a5d3@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210510 [jira] [Assigned] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.0 due",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r15eed5d21e16a5cce810c1e096ffcffc36cd08c2f78ce2f9b24b4a6a@%3Cissues.hive.apache.org%3E"
},
{
"name": "[druid-commits] 20210513 [GitHub] [druid] clintropolis opened a new pull request #11250: suppress CVE-2020-13949 again for a time",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbfbb81e7fb5d5009caf25798f02f42a7bd064a316097303ba2f9ed76@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210513 [GitHub] [druid] clintropolis merged pull request #11251: [Backport] suppress CVE-2020-13949 again for a time",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8897a41f50d4eb19b268bde99328e943ba586f77779efa6de720c39f@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210513 [GitHub] [druid] clintropolis commented on pull request #11251: [Backport] suppress CVE-2020-13949 again for a time",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc7a241e0af086b226ff9ccabc4a243d206f0f887037994bfd8fcaaeb@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210513 [GitHub] [druid] clintropolis merged pull request #11250: suppress CVE-2020-13949 again for a time",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/raea1bb8cf2eb39c5e10543f547bdbbdbb563c2ac6377652f161d4e37@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210513 [GitHub] [druid] clintropolis opened a new pull request #11251: [Backport] suppress CVE-2020-13949 again for a time",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r179119bbfb5610499286a84c316f6789c5afbfa5340edec6eb28d027@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[hive-issues] 20210517 [jira] [Updated] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb51977d392b01434b0b5df5c19b9ad5b6178cfea59e676c14f24c053@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210530 [jira] [Work started] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r741364444c3b238ab4a161f67f0d3a8f68acc517a39e6a93aa85d753@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210530 [jira] [Updated] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcae4c66f67e701db44d742156dee1f3e5e4e07ad7ce10c740a76b669@%3Cissues.hive.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210607 [GitHub] [pulsar] lhotari commented on issue #9248: Upgrade Thrift dependency in broker to solve CVE-2019-0210, CVE-2019-0205 and CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r36581cc7047f007dd6aadbdd34e18545ec2c1eb7ccdae6dd47a877a9@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[hive-issues] 20210609 [jira] [Work logged] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r950ced188d62320fdb84d9e2c6ba896328194952eff7430c4f55e4b0@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210609 [jira] [Resolved] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r62aa6d07b23095d980f348d330ed766560f9a9e940fec051f534ce37@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210609 [jira] [Updated] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r12090c81b67d21a814de6cf54428934a5e5613fde222759bbb05e99b@%3Cissues.hive.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r20f6f8f8cf07986dc5304baed3bf4d8a1c4cf135ff6fe3640be4d7ec@%3Cissues.solr.apache.org%3E"
},
{
"name": "GLSA-202107-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-32"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[solr-issues] 20210819 [GitHub] [solr] janhoy opened a new pull request #268: SOLR-15324 Upgrade Jaeger dependency from 1.1.0 to 1.6.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r869331422580d35b4e65bd74cf3090298c4651bf4f31bfb19ae769da@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210819 [jira] [Commented] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r90b4473950e26607ed77f3d70f120166f6a36a3f80888e4eeabcaf91@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210819 [jira] [Updated] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4d90b6d8de9697beb38814596d3a0d4994fa9aba1f6731a2c648d3ae@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210819 [jira] [Assigned] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd0734d91f16d5b050f0bcff78b4719300042a34fadf5e52d0edf898e@%3Cissues.solr.apache.org%3E"
},
{
"name": "[camel-commits] 20210823 [GitHub] [camel] zhfeng opened a new pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r72c3d1582d50b2ca7dd1ee97e81c847a5cf3458be26d42653c39d7a6@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20210823 [GitHub] [camel] zhfeng commented on pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r533a172534ae67f6f17c4d33a1b814d3d5ada9ccd4eb442249f33fa2@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20210823 [GitHub] [camel] zhfeng merged pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf75979ae0ffd526f3afa935a8f0ee13c82808ea8b2bc0325eb9dcd90@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20210823 [camel] branch main updated: CAMEL-16880: camel-thrift - Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949 (#5976)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r17cca685ad53bc8300ee7fcfe874cb784a222343f217dd076e7dc1b6@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20210824 [GitHub] [camel] oscerd commented on pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r812915ecfa541ad2ca65c68a97b2c014dc87141dfaefc4de85049681@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20210824 [GitHub] [camel] zhfeng commented on pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r196409cc4df929d540a2e66169104f2b3b258d8bd96b5f083c59ee51@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[solr-issues] 20210825 [jira] [Commented] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9ec75f690dd60fec8621ba992290962705d5b7f0d8fd0a42fab0ac9f@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210825 [jira] [Resolved] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1084a911dff90b2733b442ee0f5929d19b168035d447f2d25f534fe4@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210825 [jira] [Updated] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6ba4f0817f98bf7c1cb314301cb7a24ba11a0b3e7a5be8b0ae3190b0@%3Cissues.solr.apache.org%3E"
},
{
"name": "[thrift-user] 20210927 Analysis and guidelines concerning CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6ae3c68b0bfe430fb32f24236475276b6302bed625b23f53b68748b5@%3Cuser.thrift.apache.org%3E"
},
{
"name": "[thrift-user] 20211004 Re: Analysis and guidelines concerning CVE-2020-13949",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r995b945cc8f6ec976d8c52d42ba931a688b45fb32cbdde715b6a816a@%3Cuser.thrift.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=0.9.3 \u003c=0.13.0",
"affected_versions": "All versions starting from 0.9.3 up to 0.13.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-400",
"CWE-937"
],
"date": "2021-03-04",
"description": "In Apache Thrift, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.",
"fixed_versions": [],
"identifier": "CVE-2020-13949",
"identifiers": [
"CVE-2020-13949"
],
"not_impacted": "",
"package_slug": "conan/thrift",
"pubdate": "2021-02-12",
"solution": "Unfortunately, there is no solution available yet.",
"title": "Uncontrolled Resource Consumption",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-13949"
],
"uuid": "07f66fcd-a721-4399-b0ae-2454fc480029"
},
{
"affected_range": "\u003e=v0.9.3 \u003c=v0.13.0",
"affected_versions": "All versions starting from 0.9.3 up to 0.13.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-400",
"CWE-937"
],
"date": "2021-03-04",
"description": "In Apache Thrift to, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.",
"fixed_versions": [
"v0.14.0"
],
"identifier": "CVE-2020-13949",
"identifiers": [
"CVE-2020-13949"
],
"not_impacted": "All versions before 0.9.3, all versions after 0.13.0",
"package_slug": "go/github.com/apache/thrift/lib/go/thrift",
"pubdate": "2021-02-12",
"solution": "Upgrade to version 0.14.0 or above.",
"title": "Uncontrolled Resource Consumption",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-13949"
],
"uuid": "22fb5cb6-3f1c-4e8a-b68e-66fca83cace0",
"versions": [
{
"commit": {
"sha": "ef5bdf0a1d11e86dbaa377a61f6a2d492578408c",
"tags": [
"0.9.3"
],
"timestamp": "20151001171628"
},
"number": "v0.9.3"
},
{
"commit": {
"sha": "b0c0a3be3e395315c12de04af686c6c857614d59",
"tags": [
"v0.13.0"
],
"timestamp": "20191011170555"
},
"number": "v0.13.0"
},
{
"commit": {
"sha": "8411e189b0af09e5baad34031555870cf692c1ad",
"tags": [
"v0.14.0"
],
"timestamp": "20210204231359"
},
"number": "v0.14.0"
}
]
},
{
"affected_range": "[0.9.3,0.13.0]",
"affected_versions": "All versions starting from 0.9.3 up to 0.13.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-400",
"CWE-937"
],
"date": "2021-10-04",
"description": "In Apache Thrift, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.",
"fixed_versions": [
"0.14.0"
],
"identifier": "CVE-2020-13949",
"identifiers": [
"CVE-2020-13949"
],
"not_impacted": "All versions before 0.9.3, all versions after 0.13.0",
"package_slug": "maven/org.apache.thrift/libthrift",
"pubdate": "2021-02-12",
"solution": "Upgrade to version 0.14.0 or above.",
"title": "Uncontrolled Resource Consumption",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-13949"
],
"uuid": "c52f84f5-fed2-457c-803f-45515da00cc8"
},
{
"affected_range": "\u003c0",
"affected_versions": "None",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-400",
"CWE-937"
],
"date": "2021-03-04",
"description": "This advisory has been marked as a false positive.",
"fixed_versions": [],
"identifier": "CVE-2020-13949",
"identifiers": [
"CVE-2020-13949"
],
"not_impacted": "",
"package_slug": "npm/thrift",
"pubdate": "2021-02-12",
"solution": "Nothing to be done",
"title": "Uncontrolled Resource Consumption",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-13949"
],
"uuid": "1a3aaa06-6c39-4a04-bf46-ab77c9c85c68"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:hive:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:thrift:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.13.0",
"versionStartIncluding": "0.9.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-13949"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E",
"refsource": "MISC",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E"
},
{
"name": "[hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 opened a new pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r3a1291a7ab8ee43db87cb0253371489810877028fc6e7c68dc640926@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210215 [jira] [Work started] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r27b7d3d95ffa8498899ef1c9de553d469f8fe857640a3f6e58dba640@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210215 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r143ca388b0c83fe659db14be76889d50b453b0ee06f423181f736933@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r515e01a30443cfa2dbb355c44c63149869afd684fb7b0344c58fa67b@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r93f23f74315e009f4fb68ef7fc794dceee42cf87fe6613814dcd8c70@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210215 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rd78cdd87d84499a404202f015f55935db3658bd0983ecec81e6b18c6@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210215 [GitHub] [hbase] apurtell edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rd49d53b146d94a7d3a135f6b505589655ffec24ea470e345d31351bb@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210215 [GitHub] [hbase] apurtell commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r3f3e1d562c528b4bafef2dde51f79dd444a4b68ef24920d68068b6f9@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210216 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r2d180180f37c2ab5cebd711d080d01d8452efa8ad43c5d9cd7064621@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[thrift-user] 20210217 Apache Thrift 0.14.0 Release not on Maven central",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r89fdd39965efb7c6d22bc21c286d203252cea476e1782724aca0748e@%3Cuser.thrift.apache.org%3E"
},
{
"name": "[thrift-user] 20210224 Re: [SECURITY] CVE-2020-13949 Announcement",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rbc5cad06a46d23253a3c819229efedecfc05f89ef53f5fdde77a86d6@%3Cuser.thrift.apache.org%3E"
},
{
"name": "[hbase-issues] 20210301 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r02f7771863383ae993eb83cdfb70c3cb65a355c913242c850f61f1b8@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210302 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r7ae909438ff5a2ffed9211e6ab0bd926396fd0b1fc33f31a406ee704@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210302 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rf603d25213cfff81d6727c259328846b366fd32a43107637527c9768@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210302 [jira] [Updated] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r6990c849aeafe65366794bfd002febd47b7ffa8cf3c059b400bbb11d@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210302 [GitHub] [hbase] Apache9 commented on a change in pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r298a25228868ebc0943d56c8f3641212a0962d2dbcf1507d5860038e@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210302 [GitHub] [hbase] pankaj72981 commented on a change in pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rf741d08c7e0ab1542c81ea718467422bd01159ed284796a36ad88311@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210303 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r278e96edc4bc13efb2cb1620a73e48f569162b833c6bda3e6ea18b80@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210308 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r421a9a76811c1aed7637b5fe5376ab14c09ccdd7b70d5211d6e76d1e@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210309 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r1fb2d26b81c64ce96c4fd42b9e6842ff315b02c36518213b6c057350@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210310 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r286e9a13d3ab0550042997219101cb87871834b8d5ec293b0c60f009@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210310 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r117d5d2b08d505b69558a2a31b0a1cf8990cd0385060b147e70e76a9@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210311 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r2f6a547f226579f542eb08793631d1f2d47d7aed7e2f9d11a4e6af9f@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210311 [GitHub] [hbase] pankaj72981 opened a new pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r449288f6a941a2585262e0f4454fdefe169d5faee33314f6f89fab30@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210311 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r01b34416677f1ba869525e1b891ac66fa6f88c024ee4d7cdea6b456b@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210311 [GitHub] [hbase] pankaj72981 closed pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r3550b61639688e0efbc253c6c3e6358851c1f053109f1c149330b535@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210311 [GitHub] [hbase] Apache-HBase commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r890b8ec5203d70a59a6b1289420d46938d9029ed706aa724978789be@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210312 [GitHub] [hbase] pankaj72981 commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r2ed66a3823990306b742b281af1834b9bc85f98259c870b8ffb13d93@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210312 [GitHub] [hbase] Apache-HBase commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r587b4a5bcbc290269df0906bafba074f3fe4e50d4e959212f56fa7ea@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[thrift-user] 20210312 Thrift 0.13 micro for CVE-2020-13949?",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rcdf62ecd36e39e4ff9c61802eee4927ce9ecff1602eed1493977ef4c@%3Cuser.thrift.apache.org%3E"
},
{
"name": "[thrift-user] 20210312 RE: Thrift 0.13 micro for CVE-2020-13949?",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r1504886a550426d3c05772c47b1a6350c3235e51fd1fdffbec43e974@%3Cuser.thrift.apache.org%3E"
},
{
"name": "[hbase-issues] 20210315 [GitHub] [hbase] saintstack commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rf65df763f630163a3f620887efec082080555cee1adb0b8eaf2c7ddb@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210315 [GitHub] [hbase] Apache-HBase commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rdc8e0f92d06decaee5db58de4ded16d80016a7db2240a8db17225c49@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210316 [GitHub] [hbase] pankaj72981 commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r191a9279e2863b68e5496ee4ecd8be0d4fe43b324b934f0d1f106e1d@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210316 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r0372f0af2dad0b76fbd7a6cfdaad29d50384ad48dda475a5026ff9a3@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210316 [GitHub] [hbase] pankaj72981 merged pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r850522c56c05aa06391546bdb530bb8fc3437f2b77d16e571ae73309@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210317 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r02ba8db500d15a5949e9a7742815438002ba1cf1b361bdda52ed40ca@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[thrift-notifications] 20210317 [GitHub] [thrift] cyril867 edited a comment on pull request #2208: THRIFT-5237 Implement MAX_MESSAGE_SIZE and consolidate limits into a TConfiguration class (c_glib)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r3e31ec7e8c39db7553be4f4fd4d27cf27c41f1ba9c985995c4ea9c5a@%3Cnotifications.thrift.apache.org%3E"
},
{
"name": "[thrift-notifications] 20210317 [GitHub] [thrift] cyril867 commented on pull request #2208: THRIFT-5237 Implement MAX_MESSAGE_SIZE and consolidate limits into a TConfiguration class (c_glib)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r3f97dbbbb1b2a7324521208bb595392853714e141a37b8f68d395835@%3Cnotifications.thrift.apache.org%3E"
},
{
"name": "[hbase-issues] 20210318 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r8dfbefcd606af6737b62461a45a9af9222040b62eab474ff2287cf75@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210319 [jira] [Comment Edited] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r668aed02e287c93403e0b8df16089011ee4a96afc8f479809f1fc07f@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210319 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/ra7371efd8363c1cd0f5331aafd359a808cf7277472b8616d7b392128@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210320 RE: [jira] [Work started] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rf568168e7f83871969928c0379813da6d034485f8b20fa73884816d6@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210324 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r18732bb1343894143d68db58fe4c8f56d9cd221b37f1378ed7373372@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 opened a new pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rc896ce7761999b088f3adabcb99dde2102b6a66130b8eec6c8265eab@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 opened a new pull request #3084: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.4)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rc7a79b08822337c68705f16ee7ddcfd352313b836e78a4b86c7a7e3d@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3084: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.4)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r6c5b7324274fd361b038c5cc316e99344b7ae20beae7163214fac14d@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 opened a new pull request #3085: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.3)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rae95c2234b6644bfd666b2671a1b42a09f38514d0f27cca3c7d5d55a@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 opened a new pull request #3086: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.2)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/race178e9500ab8a5a6112667d27c48559150cadb60f2814bc67c40af@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r1456eab5f3768be69436d5b0a68b483eb316eb85eb3ef6eba156a302@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3085: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.3)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r3de0e0c26d4bd00dd28cab27fb44fba11d1c1d20275f7cce71393dd1@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3086: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.2)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r7597683cc8b87a31ec864835225a543dad112d7841bf1f17bf7eb8db@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new issue #11028: Bump Thrift library version",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rfbb01bb85cdc2022f3b96bdc416dbfcb49a2855b3a340aa88b2e1de9@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[hbase-issues] 20210325 [jira] [Updated] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r9b51e7c253cb0989b4c03ed9f4e5f0478e427473357209ccc4d08ebf@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210325 [GitHub] [hbase] pankaj72981 commented on pull request #3085: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.3)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r1dea91f0562e0a960b45b1c5635b2a47b258b77171334276bcf260a7@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 merged pull request #3084: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.4)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rb3574bc1036b577b265be510e6b208f0a5d5d84cd7198347dc8482df@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-commits] 20210324 [hbase] branch branch-2.2 updated: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (#3086)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r409e296c890753296c544a74d4de0d4a3ce719207a5878262fa2bd71@%3Ccommits.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210325 [GitHub] [hbase] pankaj72981 merged pull request #3085: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.3)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rb44ec04e5a9b1f87fef97bb5f054010cbfaa3b8586472a3a38a16fca@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 merged pull request #3086: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.2)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r699c031e6921b0ad0f943848e7ba1d0e88c953619d47908618998f76@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-commits] 20210325 [hbase] branch branch-2.3 updated: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (#3085)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r74eb88b422421c65514c23cb9c2b2216efb9254317ea1b6a264fe6dc@%3Ccommits.hbase.apache.org%3E"
},
{
"name": "[hbase-commits] 20210324 [hbase] branch branch-2.4 updated: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (#3084)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rada9d2244a66ede0be29afc5d5f178a209f9988db56b9b845d955741@%3Ccommits.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210325 [GitHub] [hbase] Apache-HBase commented on pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rad635e16b300cf434280001ee6ecd2ed2c70987bf16eb862bfa86e02@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210325 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/ra3f7f06a1759c8e2985ed24ae2f5483393c744c1956d661adc873f2c@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-commits] 20210326 [hbase] branch branch-2 updated: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (#3083)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rd370fdb419652c5219409b315a6349b07a7e479bd3f151e9a5671774@%3Ccommits.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210326 [jira] [Updated] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rc48ab5455bdece9a4afab53ca0f1e4f742d5baacb241323454a87b4e@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210326 [GitHub] [hbase] pankaj72981 merged pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r08a7bd19470ef8950d58cc9d9e7b02bc69c43f56c601989a7729cce5@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210326 [GitHub] [hbase] pankaj72981 commented on pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rdcf00186c34d69826d9c6b1f010136c98b00a586136de0061f7d267e@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210326 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r4fa53eacca2ac38904f38dc226caebb3f2f668b2da887f2fd416f4a7@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[solr-issues] 20210407 [jira] [Created] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/ra9f7c755790313e1adb95d29794043fb102029e803daf4212ae18063@%3Cissues.solr.apache.org%3E"
},
{
"name": "[hbase-issues] 20210415 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r13f40151513ff095a44a86556c65597a7e55c00f5e19764a05530266@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[solr-issues] 20210420 [jira] [Commented] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r886b6d9a89b6fa0aafbf0a8f8f14351548d6c6f027886a3646dbd075@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210507 [jira] [Updated] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rb91c32194eb5006f0b0c8bcdbd512c13495a1b277d4d51d45687f036@%3Cissues.solr.apache.org%3E"
},
{
"name": "[hive-issues] 20210510 [jira] [Assigned] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.0 due",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r15eed5d21e16a5cce810c1e096ffcffc36cd08c2f78ce2f9b24b4a6a@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-dev] 20210510 [jira] [Created] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.0 due",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rcace846f74ea9e2af2f7c30cef0796724aa74089f109c8029b850163@%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210510 [jira] [Updated] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.0",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r635133a74fa07ef3331cae49a9a088365922266edd58099a6162a5d3@%3Cissues.hive.apache.org%3E"
},
{
"name": "[druid-commits] 20210513 [GitHub] [druid] clintropolis opened a new pull request #11250: suppress CVE-2020-13949 again for a time",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rbfbb81e7fb5d5009caf25798f02f42a7bd064a316097303ba2f9ed76@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210513 [GitHub] [druid] clintropolis merged pull request #11250: suppress CVE-2020-13949 again for a time",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/raea1bb8cf2eb39c5e10543f547bdbbdbb563c2ac6377652f161d4e37@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210513 [GitHub] [druid] clintropolis merged pull request #11251: [Backport] suppress CVE-2020-13949 again for a time",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r8897a41f50d4eb19b268bde99328e943ba586f77779efa6de720c39f@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210513 [GitHub] [druid] clintropolis opened a new pull request #11251: [Backport] suppress CVE-2020-13949 again for a time",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r179119bbfb5610499286a84c316f6789c5afbfa5340edec6eb28d027@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210513 [GitHub] [druid] clintropolis commented on pull request #11251: [Backport] suppress CVE-2020-13949 again for a time",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rc7a241e0af086b226ff9ccabc4a243d206f0f887037994bfd8fcaaeb@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[hive-issues] 20210517 [jira] [Updated] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rb51977d392b01434b0b5df5c19b9ad5b6178cfea59e676c14f24c053@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210530 [jira] [Updated] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rcae4c66f67e701db44d742156dee1f3e5e4e07ad7ce10c740a76b669@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210530 [jira] [Work started] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r741364444c3b238ab4a161f67f0d3a8f68acc517a39e6a93aa85d753@%3Cissues.hive.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210607 [GitHub] [pulsar] lhotari commented on issue #9248: Upgrade Thrift dependency in broker to solve CVE-2019-0210, CVE-2019-0205 and CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r36581cc7047f007dd6aadbdd34e18545ec2c1eb7ccdae6dd47a877a9@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[hive-issues] 20210609 [jira] [Work logged] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r950ced188d62320fdb84d9e2c6ba896328194952eff7430c4f55e4b0@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210609 [jira] [Resolved] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r62aa6d07b23095d980f348d330ed766560f9a9e940fec051f534ce37@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210609 [jira] [Updated] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r12090c81b67d21a814de6cf54428934a5e5613fde222759bbb05e99b@%3Cissues.hive.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r20f6f8f8cf07986dc5304baed3bf4d8a1c4cf135ff6fe3640be4d7ec@%3Cissues.solr.apache.org%3E"
},
{
"name": "GLSA-202107-32",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-32"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[solr-issues] 20210819 [jira] [Updated] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r4d90b6d8de9697beb38814596d3a0d4994fa9aba1f6731a2c648d3ae@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210819 [GitHub] [solr] janhoy opened a new pull request #268: SOLR-15324 Upgrade Jaeger dependency from 1.1.0 to 1.6.0",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r869331422580d35b4e65bd74cf3090298c4651bf4f31bfb19ae769da@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210819 [jira] [Commented] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r90b4473950e26607ed77f3d70f120166f6a36a3f80888e4eeabcaf91@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210819 [jira] [Assigned] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rd0734d91f16d5b050f0bcff78b4719300042a34fadf5e52d0edf898e@%3Cissues.solr.apache.org%3E"
},
{
"name": "[camel-commits] 20210823 [GitHub] [camel] zhfeng commented on pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r533a172534ae67f6f17c4d33a1b814d3d5ada9ccd4eb442249f33fa2@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20210823 [GitHub] [camel] zhfeng opened a new pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r72c3d1582d50b2ca7dd1ee97e81c847a5cf3458be26d42653c39d7a6@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20210823 [GitHub] [camel] zhfeng merged pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rf75979ae0ffd526f3afa935a8f0ee13c82808ea8b2bc0325eb9dcd90@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20210823 [camel] branch main updated: CAMEL-16880: camel-thrift - Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949 (#5976)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r17cca685ad53bc8300ee7fcfe874cb784a222343f217dd076e7dc1b6@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20210824 [GitHub] [camel] oscerd commented on pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r812915ecfa541ad2ca65c68a97b2c014dc87141dfaefc4de85049681@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20210824 [GitHub] [camel] zhfeng commented on pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r196409cc4df929d540a2e66169104f2b3b258d8bd96b5f083c59ee51@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[solr-issues] 20210825 [jira] [Resolved] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r1084a911dff90b2733b442ee0f5929d19b168035d447f2d25f534fe4@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210825 [jira] [Updated] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r6ba4f0817f98bf7c1cb314301cb7a24ba11a0b3e7a5be8b0ae3190b0@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210825 [jira] [Commented] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r9ec75f690dd60fec8621ba992290962705d5b7f0d8fd0a42fab0ac9f@%3Cissues.solr.apache.org%3E"
},
{
"name": "[thrift-user] 20210927 Analysis and guidelines concerning CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r6ae3c68b0bfe430fb32f24236475276b6302bed625b23f53b68748b5@%3Cuser.thrift.apache.org%3E"
},
{
"name": "[thrift-user] 20211004 Re: Analysis and guidelines concerning CVE-2020-13949",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r995b945cc8f6ec976d8c52d42ba931a688b45fb32cbdde715b6a816a@%3Cuser.thrift.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-04-04T13:32Z",
"publishedDate": "2021-02-12T20:15Z"
}
}
}
Loading...