Apache Thrift is vulnerable to a denial of service, caused by improper input validation. By sending specially-crafted messages, a remote attacker could exploit this vulnerability to cause a large memory allocation, and results in a denial of service condition.
Denial of service
Apache Thrift 0.13.0
Upgrade to the latest version of Thrift (0.14.0 or later)