Severity: important
Affected versions:
- Apache Thrift before 0.23.0
Description:
Origin Validation Error, Improper Limitation of a Pathname to a Restricted
Directory ('Path Traversal'), Improper Neutralization of CRLF Sequences in HTTP
Headers ('HTTP Request/Response Splitting'), Uncontrolled Resource Consumption
vulnerability in Apache Thrift.
This issue affects Apache Thrift: before 0.23.0.
Users are recommended to upgrade to version 0.23.0, which fixes the issue.
References:
https://thrift.apache.org/
https://www.cve.org/CVERecord?id=CVE-2026-43870
