Uploaded image for project: 'Thrift'
  1. Thrift
  2. THRIFT-4506

[CVE-2018-1320] Remove assertion in Java SASL code that would be ignored in release builds

    XMLWordPrintableJSON

Details

    Description

      There is an assertion in the SASL transport for Java that will only be processed in debug builds, at https://github.com/apache/thrift/blob/master/lib/java/src/org/apache/thrift/transport/TSaslTransport.java#L298. The preceeding while loop can be changed to guarantee this assertion in all builds.

      https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1320

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. HIVE-21207 Use 0.12.0 libthrift version in Hive

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #1771

          Web Link Link to commit that resolved this issue

          Activity

            People

              jking3 James E. King III
              jking3 James E. King III
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: