Vulnerability	Vulnerable Version
M Insufficient Validation thrift is a Python bindings package for Apache Thrift. Affected versions of this package are vulnerable to Insufficient Validation. Multiple SSL vulnerabilities exists within `thrift` which includes: It is possible to abuse to embedded OpenSSL library within `thrift` to conduct denial of service attacks by abusing `TSSLSocket` during `close()` The SSL library used by default allows for insecure SSLv3 negotiation How to fix Insufficient Validation? Upgrade `thrift` to version 0.9.3 or higher.	[,0.9.3)
H Denial of Service (DoS) thrift is a Python bindings package for Apache Thrift. Affected versions of this package are vulnerable to Denial of Service (DoS). A server or client may run into an endless loop when fed with specific input data. Note: This issue was found to be partially fixed within version `0.11.0`. As such depending on the installed version it affects only certain language bindings. How to fix Denial of Service (DoS)? Upgrade `thrift` to version 0.13.0 or higher.	[,0.13.0)
H Authentication Bypass thrift is a Python bindings package for Apache Thrift. Affected versions of this package are vulnerable to Authentication Bypass. It could bypass SASL negotiation in the `org.apache.thrift.transport.TSaslTransport` class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete. How to fix Authentication Bypass? Upgrade `thrift` to version 0.10.0 or higher.	[,0.10.0)

Go back to all versions of this package