diff --git a/CVE-2018-11798.patch b/CVE-2018-11798.patch
new file mode 100644
index 0000000000000000000000000000000000000000..65d7fdfa80bb0d6c763512d4ac3178d117808421
--- /dev/null
+++ b/CVE-2018-11798.patch
@@ -0,0 +1,63 @@
+From 54356a41474cccb0e2e2a7fc4b646812acadb7ec Mon Sep 17 00:00:00 2001
+From: jfarrell
+Date: Thu, 4 Oct 2018 23:00:28 -0400
+Subject: [PATCH] Thrift-4647: Node.js Filesever webroot fixed path
+
+Updates the node.js fileserver to have a fixed based webroot which can
+not be escaped by end users.
+---
+ lib/js/test/server_http.js | 2 +-
+ lib/js/test/server_https.js | 2 +-
+ lib/nodejs/lib/thrift/web_server.js | 10 +++++++++-
+ 3 files changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/lib/js/test/server_http.js b/lib/js/test/server_http.js
+index e195e80..c516409 100644
+--- a/lib/js/test/server_http.js
++++ b/lib/js/test/server_http.js
+@@ -36,7 +36,7 @@ var ThriftTestSvcOpt = {
+ };
+
+ var ThriftWebServerOptions = {
+- files: ".",
++ files: __dirname,
+ services: {
+ "/service": ThriftTestSvcOpt
+ }
+diff --git a/lib/js/test/server_https.js b/lib/js/test/server_https.js
+index af1745b..9499b09 100644
+--- a/lib/js/test/server_https.js
++++ b/lib/js/test/server_https.js
+@@ -40,7 +40,7 @@ var ThriftTestSvcOpt = {
+ };
+
+ var ThriftWebServerOptions = {
+- files: ".",
++ files: __dirname,
+ tls: {
+ key: fs.readFileSync("../../../test/keys/server.key"),
+ cert: fs.readFileSync("../../../test/keys/server.crt")
+diff --git a/lib/nodejs/lib/thrift/web_server.js b/lib/nodejs/lib/thrift/web_server.js
+index 37159ea..47e8a9f 100644
+--- a/lib/nodejs/lib/thrift/web_server.js
++++ b/lib/nodejs/lib/thrift/web_server.js
+@@ -414,7 +414,15 @@ exports.createWebServer = function(options) {
+
+ //Locate the file requested and send it
+ var uri = url.parse(request.url).pathname;
+- var filename = path.join(baseDir, uri);
++ var filename = path.resolve(path.join(baseDir, uri));
++
++ //Ensure the basedir path is not able to be escaped
++ if (filename.indexOf(baseDir) != 0) {
++ response.writeHead(400, "Invalid request path", {});
++ response.end();
++ return;
++ }
++
+ fs.exists(filename, function(exists) {
+ if(!exists) {
+ response.writeHead(404);
+--
+2.23.0
+
diff --git a/CVE-2018-1320.patch b/CVE-2018-1320.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5021496d3fbac34212c63fe5c73d7c892ff893c9
--- /dev/null
+++ b/CVE-2018-1320.patch
@@ -0,0 +1,32 @@
+From d973409661f820d80d72c0034d06a12348c8705e Mon Sep 17 00:00:00 2001
+From: "James E. King III"
+Date: Mon, 5 Mar 2018 11:34:21 -0500
+Subject: [PATCH] THRIFT-4506: fix use of assert for correctness in Java SASL
+ negotiation Client: java
+
+---
+ lib/java/src/org/apache/thrift/transport/TSaslTransport.java | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/lib/java/src/org/apache/thrift/transport/TSaslTransport.java b/lib/java/src/org/apache/thrift/transport/TSaslTransport.java
+index a94d9a7760..bbd3f9a34a 100644
+--- a/lib/java/src/org/apache/thrift/transport/TSaslTransport.java
++++ b/lib/java/src/org/apache/thrift/transport/TSaslTransport.java
+@@ -287,7 +287,7 @@ public void open() throws TTransportException {
+ if (message.status == NegotiationStatus.COMPLETE &&
+ getRole() == SaslRole.CLIENT) {
+ LOGGER.debug("{}: All done!", getRole());
+- break;
++ continue;
+ }
+
+ sendSaslMessage(sasl.isComplete() ? NegotiationStatus.COMPLETE : NegotiationStatus.OK,
+@@ -295,8 +295,6 @@ public void open() throws TTransportException {
+ }
+ LOGGER.debug("{}: Main negotiation loop complete", getRole());
+
+- assert sasl.isComplete();
+-
+ // If we're the client, and we're complete, but the server isn't
+ // complete yet, we need to wait for its response. This will occur
+ // with ANONYMOUS auth, for example, where we send an initial response
diff --git a/CVE-2019-0205.patch b/CVE-2019-0205.patch
new file mode 100644
index 0000000000000000000000000000000000000000..74c1fc8a7a00c4381825df45e261d32044452d38
--- /dev/null
+++ b/CVE-2019-0205.patch
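Review bot: The new guard in web_server.js, `if (filename.indexOf(baseDir) != 0)`, compares a resolved absolute path against `baseDir` exactly as configured, so it only behaves as intended when `baseDir` is already absolute and normalised — which is presumably why the two test servers change `files` from `"."` to `__dirname`; with a relative `baseDir` every request would fail the check and get a 400, and a bare prefix comparison without a trailing separator also accepts a sibling directory whose name merely starts with `baseDir`. Resolving the root once and comparing against the separator-terminated prefix addresses both: `var root = path.resolve(baseDir);` and `if (filename !== root && filename.indexOf(root + path.sep) != 0) {`. createWebServer begins and ends outside the hunk, so whether `baseDir` is normalised earlier in that function cannot be confirmed from here. As this file is a verbatim upstream backport, the adjustment belongs in a follow-up patch applied after it rather than in an edit of this file.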
@@ -0,0 +1,23 @@
+From 2b70c1df2bb2c1667f30dff6d4b263459fabe91a Mon Sep 17 00:00:00 2001
+From: Jens Geyer
+Date: Sat, 9 Feb 2019 11:50:03 +0100
+Subject: [PATCH] THRIFT-4784 Thrift should throw when skipping over unexpected
+ data Client: as3 Patch: Jens Geyer
+
+---
+ lib/as3/src/org/apache/thrift/protocol/TProtocolUtil.as | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/as3/src/org/apache/thrift/protocol/TProtocolUtil.as b/lib/as3/src/org/apache/thrift/protocol/TProtocolUtil.as
+index 513df954be..22877b75b2 100644
+--- a/lib/as3/src/org/apache/thrift/protocol/TProtocolUtil.as
++++ b/lib/as3/src/org/apache/thrift/protocol/TProtocolUtil.as
+@@ -141,7 +141,7 @@ package org.apache.thrift.protocol {
+ break;
+ }
+ default:
+- break;
++ throw new TProtocolError(TProtocolError.INVALID_DATA, "invalid data");
+ }
+ }
+ }
diff --git a/CVE-2019-0210.patch b/CVE-2019-0210.patch
new file mode 100644
index 0000000000000000000000000000000000000000..0a98b0ed07f67d3b2e4c54a8698a21a7c4b88794
--- /dev/null
+++ b/CVE-2019-0210.patch
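Review bot: The only skip routine patched under the CVE-2019-0205 name is the AS3 one in `lib/as3/src/org/apache/thrift/protocol/TProtocolUtil.as` (the patch subject itself says `Client: as3`), whereas the advisory for CVE-2019-0205 describes the skip-over-unexpected-data problem as affecting several of Thrift's language bindings depending on version. Unless this RPM ships nothing but the AS3 library, the other bindings built from the 0.10.0 tree are left as they were, so it is worth confirming which libraries the package actually builds and whether the corresponding upstream THRIFT-4784 fixes for those languages need to be backported alongside this one. The change to the `default:` branch, throwing `TProtocolError.INVALID_DATA` instead of silently breaking out, is the right behaviour for the AS3 side.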
@@ -0,0 +1,79 @@
+From 264a3f318ed3e9e51573f67f963c8509786bcec2 Mon Sep 17 00:00:00 2001
+From: Jens Geyer
+Date: Sat, 23 Feb 2019 13:11:40 +0100
+Subject: [PATCH] additional test for TSimpleJSONProtocol
+
+---
+ lib/go/thrift/json_protocol.go | 5 +----
+ lib/go/thrift/simple_json_protocol.go | 4 ++--
+ lib/go/thrift/simple_json_protocol_test.go | 22 ++++++++++++++++++++++
+ 3 files changed, 25 insertions(+), 6 deletions(-)
+
+diff --git a/lib/go/thrift/json_protocol.go b/lib/go/thrift/json_protocol.go
+index 7be685d43f..800ac22c7b 100644
+--- a/lib/go/thrift/json_protocol.go
++++ b/lib/go/thrift/json_protocol.go
+@@ -31,10 +31,7 @@ const (
+ // for references to _ParseContext see tsimplejson_protocol.go
+
+ // JSON protocol implementation for thrift.
+-//
+-// This protocol produces/consumes a simple output format
+-// suitable for parsing by scripting languages. It should not be
+-// confused with the full-featured TJSONProtocol.
++// Utilizes Simple JSON protocol
+ //
+ type TJSONProtocol struct {
+ *TSimpleJSONProtocol
+diff --git a/lib/go/thrift/simple_json_protocol.go b/lib/go/thrift/simple_json_protocol.go
+index 2e8a71112a..f5e0c05d18 100644
+--- a/lib/go/thrift/simple_json_protocol.go
++++ b/lib/go/thrift/simple_json_protocol.go
+@@ -59,7 +59,7 @@ func (p _ParseContext) String() string {
+ return "UNKNOWN-PARSE-CONTEXT"
+ }
+
+-// JSON protocol implementation for thrift.
++// Simple JSON protocol implementation for thrift.
+ //
+ // This protocol produces/consumes a simple output format
+ // suitable for parsing by scripting languages. It should not be
+@@ -1316,7 +1316,7 @@ func (p *TSimpleJSONProtocol) readNumeric() (Numeric, error) {
+ func (p *TSimpleJSONProtocol) safePeekContains(b []byte) bool {
+ for i := 0; i < len(b); i++ {
+ a, _ := p.reader.Peek(i + 1)
+- if len(a) == 0 || a[i] != b[i] {
++ if len(a) < (i+1) || a[i] != b[i] {
+ return false
+ }
+ }
+diff --git a/lib/go/thrift/simple_json_protocol_test.go b/lib/go/thrift/simple_json_protocol_test.go
+index 7b98082a4e..0126da0a8e 100644
+--- a/lib/go/thrift/simple_json_protocol_test.go
++++ b/lib/go/thrift/simple_json_protocol_test.go
+@@ -713,3 +713,25 @@ func TestWriteSimpleJSONProtocolMap(t *testing.T) {
+ }
+ trans.Close()
+ }
++
++func TestWriteSimpleJSONProtocolSafePeek(t *testing.T) {
++ trans := NewTMemoryBuffer()
++ p := NewTSimpleJSONProtocol(trans)
++ trans.Write([]byte{'a', 'b'})
++ trans.Flush(context.Background())
++
++ test1 := p.safePeekContains([]byte{'a', 'b'})
++ if !test1 {
++ t.Fatalf("Should match at test 1")
++ }
++
++ test2 := p.safePeekContains([]byte{'a', 'b', 'c', 'd'})
++ if test2 {
++ t.Fatalf("Should not match at test 2")
++ }
++
++ test3 := p.safePeekContains([]byte{'x', 'y'})
++ if test3 {
++ t.Fatalf("Should not match at test 3")
++ }
++}
diff --git a/thrift.spec b/thrift.spec
index 30acae91aba091ea15f0ab36b0655f6dfcf6bd22..b91a80f0ccc7c9baee62806befba380ba6043b08 100644
--- a/thrift.spec
+++ b/thrift.spec
@@ -30,7 +30,7 @@
 %global golang_configure --without-go
 Name: thrift
 Version: 0.10.0
-Release: 1
+Release: 3
 Summary: Software framework for cross-language services development
 License: ASL 2.0 and BSD and zlib
 URL: https://thrift.apache.org/
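Review bot: The added TestWriteSimpleJSONProtocolSafePeek calls `trans.Flush(context.Background())`, and the spec on this page builds with `--without-go`, so nothing in the RPM build ever compiles this test; whether the 0.10.0 transport `Flush` signature and the imports of simple_json_protocol_test.go accept a context argument is not visible here and should be checked before the test is taken as evidence that the backport works (a local `go test` of lib/go/thrift against the patched tree would settle it). The library change itself, `if len(a) < (i+1) || a[i] != b[i]` in safePeekContains, is self-contained: it replaces a check that only rejected an empty peek with one that rejects any peek shorter than the index about to be read, so it stands regardless of the test. If the Go library is not shipped by this package, the patch is harmless but also changes nothing users receive, which the changelog entry could say.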
@@ -44,6 +44,11 @@ Patch2: configure-java-prefix.patch
 Patch3: fix-ppc64le-builds.patch
 Patch4: THRIFT-4177.patch
 Patch5: python3.patch
+Patch6: CVE-2018-11798.patch
+Patch7: CVE-2018-1320.patch
+Patch8: CVE-2019-0205.patch
+Patch9: CVE-2019-0210.patch
+
 BuildRequires: ant >= 1.7 autoconf automake bison boost-devel flex flex-devel gcc-c++
 BuildRequires: glib2-devel libevent-devel libstdc++-devel libtool openssl-devel qt-devel
 BuildRequires: texlive zlib-devel
@@ -361,5 +366,11 @@ find %{buildroot} -name \*.py -exec grep -q /usr/bin/env {} \; -print | xargs -r %doc LICENSE NOTICE %changelog
+* Tue Nov 12 2020 wangxiao - 0.10.0-3
+- Fix CVE-2019-0205 and CVE-2019-0210
+
+* Thu Nov 05 2020 wangyue - 0.10.0-2
+- Fix CVE-2018-11798 and CVE-2018-1320.
+
+* Tue Aug 18 2020 yaokai - 0.10.0-1
 - package init
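Review bot: Patch6 through Patch9 are declared in this hunk, but %prep is outside the hunk, so whether they are actually applied depends on whether it uses `%autosetup`/`%autopatch` or enumerates `%patchN` lines; in the latter case the four new entries need matching `%patch6 -p1` … `%patch9 -p1` lines, otherwise the CVE fixes the changelog claims are never applied to the tree. The `-p1` strip level matches the `a/`/`b/` prefixes used in all four patch files.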
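Review bot: `* Tue Nov 12 2020 wangxiao - 0.10.0-3` carries a weekday that does not match the date — 12 November 2020 was a Thursday — and rpmbuild reports this as a bogus date in %changelog; the line should read `* Thu Nov 12 2020 wangxiao - 0.10.0-3`. The 0.10.0-2 entry is dated consistently. The hunk header also counts six added lines while seven lines in this rendering begin with `+` (the existing Aug 18 entry among them), which is probably an artefact of how the page was flattened, but worth a glance at the real patch to be sure it applies cleanly.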