org.apache.thrift:libthrift (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.thrift:libthrift, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2018-1320 — CVSS 7.5 (high): Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the…
CVE-2019-0205 — CVSS 7.5 (high): In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input…
CVE-2020-13949 — CVSS 7.5 (high): In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation…
CVE-2026-43869 — CVSS 7.3 (high): Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0…
CVE-2018-11798 — CVSS 6.5 (medium): The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in…