CVE-2018-11798

Summary

The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache ThriftApache Thrift 0.9.2 to 0.11.0affected

Weaknesses

  • Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References