Max CVSS 9.0 Min CVSS 5.0 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2019-0205 7.8
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it
18-04-2022 - 15:45 29-10-2019 - 19:15
CVE-2019-16869 5.0
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
30-03-2022 - 14:21 26-09-2019 - 16:15
CVE-2018-1320 5.0
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed co
30-03-2022 - 14:15 07-01-2019 - 17:29
CVE-2019-20444 6.4
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
14-09-2021 - 12:45 29-01-2020 - 21:15
CVE-2019-20445 6.4
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
14-09-2021 - 12:45 29-01-2020 - 21:15
CVE-2019-20444 6.4
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
25-09-2020 - 20:15 29-01-2020 - 21:15
CVE-2019-20445 6.4
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
25-09-2020 - 20:15 29-01-2020 - 21:15
CVE-2019-16869 5.0
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
25-09-2020 - 00:15 26-09-2019 - 16:15
CVE-2016-5397 9.0
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.
04-06-2020 - 17:15 12-02-2018 - 17:29
Back to Top Mark selected
Back to Top