CVE-2020-13949
go/github.com/apache/thrift/lib/go/thrift
Uncontrolled Resource Consumption
In Apache Thrift to, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
All versions starting from 0.9.3 up to 0.13.0
Upgrade to version 0.14.0 or above.
2021-02-23
source |