CVE-2018-11798
published 2019-01-07CVE-2018-11798: The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user…
medium6.5CVSS 3.0
AVNACLPRLUINSUCHINAN
The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | thrift | 0.9.2 – 0.11.0 | — |
| apache_software_foundation | apache_thrift | — | — |
| debian | thrift | < thrift 0.11.0-4 (bookworm) | thrift 0.11.0-4 (bookworm) |
| thrift | >= 0 < 0.11.0-4 | 0.11.0-4 | |
| thrift | >= 0 < 0.11.0-4 | 0.11.0-4 | |
| thrift | >= 0 < 0.11.0-4 | 0.11.0-4 | |
| thrift | >= 0 < 0.11.0-4 | 0.11.0-4 |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
osv6.5MEDIUM