Jens Geyer

**Name of the Vulnerable Software and Affected Versions** Apache Thrift versions prior to 0.23.0 **Description** Improper validation of certificates with host mismatch occurs in Apache Thrift. **Recommendations** Upgrade to version 0.23.0.

**Name of the Vulnerable Software and Affected Versions** Apache Thrift versions prior to 0.23.0 **Description** An issue exists involving memory allocation with an excessive size value. **Recommendations** Upgrade to version 0.23.0.

**Name of the Vulnerable Software and Affected Versions** Apache Thrift versions prior to 0.23.0 **Description** Apache Thrift contains multiple issues, including an origin validation error, improper limitation of a pathname to a restricted directory (Path Traversal), improper neutralization of CRLF sequences in HTTP headers (HTTP Request/Response Splitting), and uncontrolled resource consumption. **Recommendations** Upgrade to version 0.23.0.

**Name of the Vulnerable Software and Affected Versions** Apache Thrift versions prior to 0.23.0 **Description** Improper validation of certificates with host mismatch occurs in the Java `TSSLTransportFactory` hostname verification process. **Recommendations** Upgrade to version 0.23.0.