Lucene search
ApacheCVELIST:CVE-2016-5397HistoryJan 13, 2017 - 12:00 a.m.
CVE-2016-5397
2017-01-1300:00:00
apache
www.cve.org
1
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.
CNA Affected
[
{
"product": "Apache Thrift",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "versions prior to 0.10.0"
}
]
}
]References
mail-archives.apache.org/mod_mbox/thrift-user/201701.mbox/raw/%3CCANyrgvc3W%3DMJ9S-hMZecPNzxkyfgNmuSgVfW2hdDSz5ke%2BOPhQ%40mail.gmail.com%3E
www.securityfocus.com/bid/103025
access.redhat.com/errata/RHSA-2018:2669
access.redhat.com/errata/RHSA-2019:3140
issues.apache.org/jira/browse/THRIFT-3893
lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3E
Related
ubuntucve
ubuntucve
CVE-2016-5397
2018-02-12 00:00:00
cve
cve
CVE-2016-5397
2018-02-12 17:29:00
osv
osv
Apache Thrift Go Library Command Injection
2022-05-13 01:25:56
CVE-2016-5397
2018-02-12 17:29:00
nvd
nvd
CVE-2016-5397
2018-02-12 17:29:00
github
github
Apache Thrift Go Library Command Injection
2022-05-13 01:25:56
redhatcve
redhatcve
CVE-2016-5397
2018-02-13 04:49:25
veracode
veracode
Remote Code Execution (RCE)
2018-05-15 05:18:27
prion
prion
Command injection
2018-02-12 17:29:00
debiancve
debiancve
CVE-2016-5397
2018-02-12 17:29:00
ibm
ibm
redhat
redhat
(RHSA-2019:3140) Important: Red Hat JBoss Data Virtualization 6.4.8 security update
2019-10-17 14:53:06
(RHSA-2018:2669) Important: Fuse 7.1 security update
2018-09-11 07:52:48