Primary

Context

Apache Thrift Uncontrolled Recursion Vulnerability in Node.js Bindings

Vulnerability

Patched

A vulnerability allowing uncontrolled recursion has been identified in the Node.js bindings of Apache Thrift, affecting versions prior to 0.23.0. This flaw could lead to a stack overflow or similar issues by allowing recursive function calls to go unchecked.

Impact

Exploitation of this vulnerability could cause a stack overflow, leading to a denial-of-service condition where the application crashes or becomes unresponsive.

Remediation

Users are advised to upgrade to Apache Thrift version 0.23.0 or later, which addresses this vulnerability.

Added: Apr 28, 2026, 10:30 AM

Updated: Apr 28, 2026, 10:30 AM

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

2.5

exploitability

7.4

remediation

7.7

relevance

6.9

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

2.5

exploitability

7.4

remediation

7.7

relevance

6.9

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache Thrift Uncontrolled Recursion Vulnerability in Node.js Bindings

Vulnerability

Impact

Remediation

Affected Products

Apache Thrift

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating