Apache Cassandra / CASSANDRA-16606

Update libthrift jar to at least 0.9.3-1, investigate 0.14.0

Details

    • Security - Denial of Service
    • Normal
    • Low Hanging Fruit
    • User Report
    • All
    • None

    Description

      Cassandra 3.x and 2.x use libthrift 0.9.2, which has a number of vulnerabilities associated with it that are applicable to Cassandra:

      CVE-2015-3254
      CVE-2018-1320 (CASSANDRA-15424)
      CVE-2019-0205 (CASSANDRA-15420)

      Updating to 0.9.3-1 will mitigate these; however, that branch suffers from CVE-2020-13949.

      To mitigate risks from using out-of-date libthrift versions, Cassandra should be updated to use 0.14.0.
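
The version reasoning above, expressed as a check an operator could run against a node's jar directory. This is an added example, not code from the ticket or the Cassandra project. The `libthrift-<version>.jar` naming, the treatment of versions other than the three the ticket names, and the sample file names are assumptions.

```python
import re
import tempfile
from pathlib import Path

# CVE ids and version thresholds come from the ticket text above.
MITIGATED_BY_0_9_3_1 = ["CVE-2015-3254", "CVE-2018-1320", "CVE-2019-0205"]
OPEN_UNTIL_0_14_0 = ["CVE-2020-13949"]
JAR_RE = re.compile(r"^libthrift-(\d+)\.(\d+)\.(\d+)(?:-(\d+))?\.jar$")


def parse_version(jar_name):
    """Map 'libthrift-0.9.3-1.jar' to (0, 9, 3, 1); None for other files."""
    m = JAR_RE.match(jar_name)
    return tuple(int(g or 0) for g in m.groups()) if m else None


def open_cves(version):
    """CVE ids the ticket leaves open for a given libthrift version."""
    cves = []
    # Assumption: releases older than 0.9.3-1 are treated like 0.9.2.
    if version < (0, 9, 3, 1):
        cves += MITIGATED_BY_0_9_3_1
    # Assumption: 0.9.3-1 up to (not including) 0.14.0 is treated like 0.9.3-1.
    if (0, 9, 3, 1) <= version < (0, 14, 0, 0):
        cves += OPEN_UNTIL_0_14_0
    return cves


def scan(lib_dir):
    """Return {jar name: open CVE ids} for each libthrift jar in lib_dir."""
    jars = sorted(p.name for p in Path(lib_dir).glob("libthrift-*.jar"))
    return {n: open_cves(parse_version(n)) for n in jars if parse_version(n)}


def demo_scan():
    """Scan a constructed lib directory holding empty placeholder jars."""
    names = ["libthrift-0.9.2.jar", "libthrift-0.9.3-1.jar",
             "libthrift-0.14.0.jar", "guava-18.0.jar"]
    with tempfile.TemporaryDirectory() as tmp:
        for name in names:
            (Path(tmp) / name).touch()
        return scan(tmp)


if __name__ == "__main__":
    print(demo_scan())
```

Point `scan()` at the directory that holds the node's jars; an empty list for a jar means none of the CVEs named in this ticket remain open for that version.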

            People

              stefan.miklosovic Stefan Miklosovic
              mdenihan Mark Denihan
              Stefan Miklosovic