CVE-2018-11798: File and Directory Information Exposure

January 7, 2019 (updated June 19, 2019)

The Apache Thrift Node.js static web server contains a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.

References

www.securityfocus.com/bid/106501
lists.apache.org/thread.html/6e9edd282684896cedf615fb67a02bebfe6007f2d5baf03ba52e34fd@%3Cuser.thrift.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2018-11798

Detect and mitigate CVE-2018-11798 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →