CVE-2018-11798

Published: 1/7/2019 Last updated: 8/5/2024 Reserved: 6/5/2018

The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.

CNA assigner: apache (f0158376-9dc2-43b6-827c-5f631a4d8d09) Requested by: n/a

Opam packages affected (1)

thrift

Products affected (1)

Product	Vendor	Version
Apache Thrift	Apache Software Foundation	< 6.3.9600.21924

References (10)

https://lists.apache.org/thread.html/6e9edd282684896cedf615fb67a02bebfe6007f2d5baf03ba52e34fd@%3Cuser.thrift.apache.org%3E
https://access.redhat.com/errata/RHSA-2019:1545
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://access.redhat.com/errata/RHSA-2019:3140
http://www.securityfocus.com/bid/106501
https://lists.apache.org/thread.html/6e9edd282684896cedf615fb67a02bebfe6007f2d5baf03ba52e34fd@%3Cuser.thrift.apache.org%3E
https://access.redhat.com/errata/RHSA-2019:1545
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://access.redhat.com/errata/RHSA-2019:3140
http://www.securityfocus.com/bid/106501