{"cve":{"cve_id":"CVE-2018-1320","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.08188,"epss_percentile":0.94137,"epss_as_of":"2026-06-23","description":"Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.","published_at":"2019-01-07T18:00:00Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":null,"nvd_references":["https://lists.apache.org/thread.html/da5234b5e78f1c99190407f791dfe1bf6c58de8d30d15974a9669be3%40%3Cuser.thrift.apache.org%3E","http://www.securityfocus.com/bid/106551","https://lists.debian.org/debian-lts-announce/2019/02/msg00008.html","https://lists.apache.org/thread.html/187684ac8b94d55256253f5220cb55e8bd568afdf9a8a86e9bbb66c9%40%3Cdevnull.infra.apache.org%3E","https://support.f5.com/csp/article/K36361684","https://lists.apache.org/thread.html/dbe3a39b48900318ad44494e8721f786901ba4520cd412c7698f534f%40%3Cdev.storm.apache.org%3E","https://lists.apache.org/thread.html/dfee89880c84874058c6a584d8128468f8d3c2ac25068ded91073adc%40%3Cuser.storm.apache.org%3E","https://lists.apache.org/thread.html/e825ff2f4e129c0ecdb6a19030b53c1ccdf810a8980667628d0c6a80%40%3Cannounce.apache.org%3E","http://www.openwall.com/lists/oss-security/2019/07/24/3","https://access.redhat.com/errata/RHSA-2019:2413","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/3d3b6849fcf4cd1e87703b3dde0d57aabeb9ba0193dc0cf3c97f545d%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/6b07f6f618155c777191b4fad8ade0f0cf4ed4c12a1a746ce903d816%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/07c3cd5a2953a4b253eee4437b1397b1603d0f886437e19b657d2c54%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/8be5b16c02567fff61b1284e5df433a4e38617bc7de4804402bf62be%40%3Ccommits.cassandra.apache.org%3E","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r2278846f7ab06ec07a0aa31457235e0ded9191b216cba55f3f315f16%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r261972a3b14cf6f1dcd94b1b265e9ef644a38ccdf0d0238fa0c4d459%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r09c3dcdccf4b74ad13bda79b354e6b793255ccfe245cca1b8cee23f5%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r3d71a6dbb063aa61ba81278fe622b20bfe7501bb3821c27695641ac3%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r1015eaadef8314daa9348aa423086a732cfeb998ceb5d42605c9b0b5%40%3Ccommits.cassandra.apache.org%3E"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:10:44.743527Z"},"effective_severity":null,"badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"apache-software-foundation","vendor_name":"Apache Software Foundation","product_slug":"apache-thrift","product_name":"Apache Thrift","version_start":"Apache Thrift 0.5.0 to 0.11.0","version_start_inclusive":true,"version_end":"Apache Thrift 0.5.0 to 0.11.0","version_end_inclusive":true,"cpe23_uri":"cve5:apache-software-foundation:apache-thrift:Apache Thrift 0.5.0 to 0.11.0:Apache Thrift 0.5.0 to 0.11.0"}],"exploit_refs":[],"news":[],"references":[{"url":"https://lists.apache.org/thread.html/da5234b5e78f1c99190407f791dfe1bf6c58de8d30d15974a9669be3%40%3Cuser.thrift.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"http://www.securityfocus.com/bid/106551","source_type":"MISC","tags":[]},{"url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00008.html","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"https://lists.apache.org/thread.html/187684ac8b94d55256253f5220cb55e8bd568afdf9a8a86e9bbb66c9%40%3Cdevnull.infra.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"https://support.f5.com/csp/article/K36361684","source_type":"MISC","tags":[]},{"url":"https://lists.apache.org/thread.html/dbe3a39b48900318ad44494e8721f786901ba4520cd412c7698f534f%40%3Cdev.storm.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"https://lists.apache.org/thread.html/dfee89880c84874058c6a584d8128468f8d3c2ac25068ded91073adc%40%3Cuser.storm.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"https://lists.apache.org/thread.html/e825ff2f4e129c0ecdb6a19030b53c1ccdf810a8980667628d0c6a80%40%3Cannounce.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"http://www.openwall.com/lists/oss-security/2019/07/24/3","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"https://access.redhat.com/errata/RHSA-2019:2413","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"https://lists.apache.org/thread.html/3d3b6849fcf4cd1e87703b3dde0d57aabeb9ba0193dc0cf3c97f545d%40%3Ccommits.cassandra.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list","patch"]},{"url":"https://lists.apache.org/thread.html/6b07f6f618155c777191b4fad8ade0f0cf4ed4c12a1a746ce903d816%40%3Ccommits.cassandra.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list","patch"]},{"url":"https://lists.apache.org/thread.html/07c3cd5a2953a4b253eee4437b1397b1603d0f886437e19b657d2c54%40%3Ccommits.cassandra.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list","patch"]},{"url":"https://lists.apache.org/thread.html/8be5b16c02567fff61b1284e5df433a4e38617bc7de4804402bf62be%40%3Ccommits.cassandra.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list","patch"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2020.html","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list","patch"]},{"url":"https://lists.apache.org/thread.html/r2278846f7ab06ec07a0aa31457235e0ded9191b216cba55f3f315f16%40%3Ccommits.cassandra.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list","patch"]},{"url":"https://lists.apache.org/thread.html/r261972a3b14cf6f1dcd94b1b265e9ef644a38ccdf0d0238fa0c4d459%40%3Ccommits.cassandra.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list","patch"]},{"url":"https://lists.apache.org/thread.html/r09c3dcdccf4b74ad13bda79b354e6b793255ccfe245cca1b8cee23f5%40%3Ccommits.cassandra.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list","patch"]},{"url":"https://lists.apache.org/thread.html/r3d71a6dbb063aa61ba81278fe622b20bfe7501bb3821c27695641ac3%40%3Ccommits.cassandra.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list","patch"]},{"url":"https://lists.apache.org/thread.html/r1015eaadef8314daa9348aa423086a732cfeb998ceb5d42605c9b0b5%40%3Ccommits.cassandra.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list","patch"]}],"timeline":[{"type":"published","at":"2019-01-07T18:00:00Z","label":"CVE published","source":null}]}