Every CVE whose affected-product data names Facebook Thrift, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2021-24028 — CVSS 9.8 (critical): An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other…
CVE-2019-11939 — CVSS 7.5 (high): Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result…
CVE-2019-3552 — CVSS 7.5 (high): C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result…
CVE-2019-3553 — CVSS 7.5 (high): C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result…
CVE-2019-11938 — CVSS 7.5 (high): Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result…
CVE-2019-3559 — CVSS 7.5 (high): Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious…
CVE-2019-3564 — CVSS 7.5 (high): Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious…
CVE-2019-3565 — CVSS 7.5 (high): Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown…
CVE-2019-3558 — CVSS 7.5 (high): Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious…