Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-jq7p-26h5-w78r

GitHub Security Advisory

Out-of-bounds read in Apache Thrift

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.

Affected Packages

Go github.com/apache/thrift
Affected versions: 0.9.3 (fixed in 0.13.0)

Related CVEs

CVE-2019-0210

Key Information

GHSA ID
GHSA-jq7p-26h5-w78r
Published
May 18, 2021 3:32 PM
Last Modified
October 31, 2022 3:57 PM
CVSS Score
7.5 /10
Primary Ecosystem
Go
Primary Package
github.com/apache/thrift
GitHub Reviewed
✓ Yes

Dataset

Last updated: September 15, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.