CVE-2018-1320: Improper Input Validation

January 7, 2019 (updated July 24, 2019)

An Apache Thrift Java client library can bypass SASL negotiation validation in the org.apache.thrift.transport.TSaslTransport class.

References

www.securityfocus.com/bid/106551
nvd.nist.gov/vuln/detail/CVE-2018-1320

Code Behaviors & Features

Detect and mitigate CVE-2018-1320 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →