org.apache.thrift:libthrift 0.20.0

Direct Vulnerabilities

Known vulnerabilities in the org.apache.thrift:libthrift package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Improper Validation of Certificate with Host Mismatch org.apache.thrift:libthrift is a lightweight, language-independent software stack with an associated code generation mechanism for point-to-point RPC. Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch due to improper validation of the server's certificate hostname in the `TNonblockingSSLSocket.java` file. An attacker can intercept or manipulate encrypted communications by presenting a certificate with a mismatched hostname. How to fix Improper Validation of Certificate with Host Mismatch? Upgrade `org.apache.thrift:libthrift` to version 0.23.0 or higher.	[,0.23.0)
M Improper Validation of Certificate with Host Mismatch org.apache.thrift:libthrift is a lightweight, language-independent software stack with an associated code generation mechanism for point-to-point RPC. Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch due to insufficient verification of the server's hostname during the TLS handshake in the `TSSLTransportFactory` file. An attacker can intercept or manipulate encrypted communications by performing a man-in-the-middle attack. How to fix Improper Validation of Certificate with Host Mismatch? Upgrade `org.apache.thrift:libthrift` to version 0.23.0 or higher.	[,0.23.0)

Vulnerability

Vulnerable Version

Improper Validation of Certificate with Host Mismatch

org.apache.thrift:libthrift is a lightweight, language-independent software stack with an associated code generation mechanism for point-to-point RPC.

Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch due to improper validation of the server's certificate hostname in the TNonblockingSSLSocket.java file. An attacker can intercept or manipulate encrypted communications by presenting a certificate with a mismatched hostname.

How to fix Improper Validation of Certificate with Host Mismatch?

Upgrade org.apache.thrift:libthrift to version 0.23.0 or higher.

[,0.23.0)

Improper Validation of Certificate with Host Mismatch

org.apache.thrift:libthrift is a lightweight, language-independent software stack with an associated code generation mechanism for point-to-point RPC.

Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch due to insufficient verification of the server's hostname during the TLS handshake in the TSSLTransportFactory file. An attacker can intercept or manipulate encrypted communications by performing a man-in-the-middle attack.

How to fix Improper Validation of Certificate with Host Mismatch?

Upgrade org.apache.thrift:libthrift to version 0.23.0 or higher.

[,0.23.0)

org.apache.thrift:libthrift@0.20.0

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically