Go modules package
github.com/apache/thrift
pkg:golang/github.com/apache/thrift
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-41602 | High | 7.5 | | < 0.23.0 | 0.23.0 | Apr 28, 2026 | Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. |
| CVE-2019-0210 | — | | | >= 0.9.3, < 0.13.0 | 0.13.0 | Oct 28, 2019 | In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed with invalid input data. |
| CVE-2016-5397 | — | | | < 0.10.0 | 0.10.0 | Feb 12, 2018 | The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0. |