KB Article #181581

Known Vulnerabilities in libthrift < 0.14.0

Problem

Known Vulnerabilities in libthrift < 0.14.0 (From Cassandra)

CVE-2018-1320 - https://nvd.nist.gov/vuln/detail/CVE-2018-1320

CVE-2019-0205 - https://nvd.nist.gov/vuln/detail/CVE-2019-0205

CVE-2019-0210 - https://nvd.nist.gov/vuln/detail/CVE-2019-0210

CVE-2018-11798 - https://nvd.nist.gov/vuln/detail/CVE-2018-11798

CVE-2020-13949 - https://nvd.nist.gov/vuln/detail/CVE-2020-13949


Resolution

CVE-2018-1320 - This is fixed in libthrift 0.9.3-1 (API Gateway Security Advisory)

CVE-2019-0205 - This is fixed in libthrift 0.9.3-1 (API Gateway Security Advisory)

Download libthrift 0.9.3-1 here: Where to find libthrift 0.9.3-1

CVE-2019-0210 - Invalid. Cassandra is not implemented in Go, so this vulnerability does not apply to it.

CVE-2018-11798 - Invalid. Cassandra is not implemented in Node.js, so this vulnerability does not apply to it.

CVE-2020-13949 - No version of Cassandra uses 0.14.0. Cassandra 2.x.x and 3.x.x all use 0.9.2. An upgrade to Cassandra 4 is already on the roadmap.
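
To confirm which libthrift build a node actually ships, the following added example (not part of the original article or any vendor tooling) scans a library directory and reports which of the CVEs above still apply under the Resolution mapping. The directory argument and the libthrift-<version>.jar file naming are assumptions, as is the conservative choice to treat every build below 0.14.0 other than 0.9.3-1 as unpatched.

```python
import re
from pathlib import Path

# Fix status taken from the article's Resolution section.
PATCHED_BUILD = "0.9.3-1"          # build the article names as the fix
FIXED_BY_PATCHED_BUILD = ["CVE-2018-1320", "CVE-2019-0205"]
NEEDS_0_14_0 = ["CVE-2020-13949"]  # article title: libthrift < 0.14.0

# Assumed jar naming: libthrift-<version>.jar, e.g. libthrift-0.9.2.jar
JAR_RE = re.compile(r"^libthrift-(\d+(?:\.\d+)*(?:-\d+)?)\.jar$")

def version_key(version):
    """'0.9.3-1' -> (0, 9, 3, 1); a missing '-N' suffix counts as build 0."""
    base, _, build = version.partition("-")
    parts = [int(p) for p in base.split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts) + (int(build or 0),)

def open_cves(version):
    """CVEs from the article that still apply to this libthrift version."""
    if version_key(version) >= version_key("0.14.0"):
        return []
    if version == PATCHED_BUILD:
        return list(NEEDS_0_14_0)
    # Conservative assumption: any other pre-0.14.0 build is unpatched.
    return FIXED_BY_PATCHED_BUILD + NEEDS_0_14_0

def scan(lib_dir):
    """Map each libthrift jar found in lib_dir to its open CVEs."""
    report = {}
    for jar in sorted(Path(lib_dir).glob("libthrift-*.jar")):
        m = JAR_RE.match(jar.name)
        # A jar whose name hides its version is reported as None (unknown).
        report[jar.name] = open_cves(m.group(1)) if m else None
    return report

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, cves in scan(target).items():
        if cves is None:
            status = "version unknown, inspect manually"
        else:
            status = ", ".join(cves) or "none of the listed CVEs"
        print(f"{name}: {status}")
```

A jar reported as "version unknown" has been renamed or repackaged, so check the version in its manifest before relying on the result.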