CVE-2018-1320
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2019-01-07T17:29:00.360 · Last modified 2026-06-17T01:51:00.723

Summary

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine whether the SASL handshake had successfully completed could be disabled in production settings, making the validation incomplete.

Affected products

apache — thrift

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.