CVE-2018-1320

CVE-2018-1320 PUBLISHED

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine whether the SASL handshake had completed successfully could be disabled in production settings, making the validation incomplete.

Risk Scores

EPSS Score: 0.09% (26.0th percentile)

Affected Products

Vendor            Product         Versions
Ubuntu:18.04:LTS  libthrift-java  0.9.1-2, 0
Ubuntu:16.04:LTS  libthrift-java  0.9.1-2, 0

Timeline

  • Jan 7, 2019 CVE Published
  • Jul 24, 2019 CVE Updated
  • Apr 14, 2021 EPSS Score
  • Apr 16, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Jun 28, 2021 PoC Published
  • Oct 26, 2021 EPSS Score
  • Dec 11, 2021 PoC Published
  • Dec 13, 2021 PoC Published
  • Dec 18, 2021 PoC Published
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score