Upgrade Library Apache Thrift (Vulnerability CVE)

Open abdidarmawan007 opened this issue 2 years ago • 0 comments

Krakend Docker images with tag = devopsfaith/krakend:2.0 or 2.0.x / latest

Library = github.com/apache/thrift Version = v0.12.0

https://github.com/krakendio/krakend-ce/blob/3bd4635ff5ce1b41fc15b189d533341bb59e0133/go.mod#L79

Severity = High

CVE-2019-0205 : thrift: Endless loop when feed with specific input data

CVE-2019-0210 : thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol

CVE-2020-13949 : libthrift: potential DoS when processing untrusted payloads

Fix Version = v0.14.0

abdidarmawan007 Aug 25 '22 02:08
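
A check for the condition this issue reports, as an added example that is not part of the original issue or of the KrakenD code base: it reads a go.mod, takes the `github.com/apache/thrift` version from the `require` entry (or from a versioned `replace` directive, which overrides it), and compares it with the fix version v0.14.0. The sample go.mod is constructed, the function names are hypothetical, and local-path `replace` targets and `exclude` blocks are not handled.

```go
package main

import (
	"fmt"
	"regexp"
)

var (
	// require entry, on one line or inside a require ( ... ) block
	requireRe = regexp.MustCompile(`(?m)^[ \t]*(?:require[ \t]+)?github\.com/apache/thrift[ \t]+(v\S+)[ \t]*(?://.*)?$`)
	// replace entry redirecting the module to another versioned module
	replaceRe = regexp.MustCompile(`(?m)^[ \t]*(?:replace[ \t]+)?github\.com/apache/thrift(?:[ \t]+v\S+)?[ \t]+=>[ \t]+\S+[ \t]+(v\S+)`)
)

// effectiveVersion returns the Thrift version a go.mod selects: the replace
// target when one exists, else the require entry, else "".
func effectiveVersion(gomod string) string {
	for _, re := range []*regexp.Regexp{replaceRe, requireRe} {
		if m := re.FindStringSubmatch(gomod); m != nil {
			return m[1]
		}
	}
	return ""
}

// needsUpgrade compares major.minor.patch only; pre-release suffixes are ignored.
func needsUpgrade(v, fixed string) (bool, error) {
	var a, b [3]int
	if _, err := fmt.Sscanf(v, "v%d.%d.%d", &a[0], &a[1], &a[2]); err != nil {
		return false, fmt.Errorf("version %q: %w", v, err)
	}
	if _, err := fmt.Sscanf(fixed, "v%d.%d.%d", &b[0], &b[1], &b[2]); err != nil {
		return false, fmt.Errorf("version %q: %w", fixed, err)
	}
	for i := range a {
		if a[i] != b[i] {
			return a[i] < b[i], nil // numeric compare, so v0.9.x < v0.14.0
		}
	}
	return false, nil
}

// Constructed go.mod fragment pinning the version named in the issue.
const sampleGoMod = "module example.test/gw\n\nrequire (\n\tgithub.com/apache/thrift v0.12.0 // indirect\n)\n"

func main() {
	old, err := needsUpgrade(effectiveVersion(sampleGoMod), "v0.14.0")
	fmt.Println("thrift needs upgrade:", old, err)
}
```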