Описание
The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| thrift | fixed | 0.11.0-4 | package |
Примечания
https://issues.apache.org/jira/browse/THRIFT-4647
https://github.com/apache/thrift/commit/2a2b72f6c8aef200ecee4984f011e06052288ff2
src:thrift in Debian configured with --without-nodejs
Связанные уязвимости
The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.
The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.
The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.
Apache Thrift Node.js static web server sandbox escape
Уязвимость библиотеки Node.js языка описания интерфейсов Apache Thrift, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации