Lucene search
GoogleOSV:GHSA-R4M4-PMVW-M6J5HistoryMay 13, 2022 - 1:25 a.m.
Apache Thrift Go Library Command Injection
2022-05-1301:25:56
Google
osv.dev
10
0.005 Low
EPSS
Percentile
77.2%
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/apache/thrift | lt | 0.10.0 |
References
mail-archives.apache.org/mod_mbox/thrift-user/201701.mbox/raw/%3CCANyrgvc3W%3DMJ9S-hMZecPNzxkyfgNmuSgVfW2hdDSz5ke%2BOPhQ%40mail.gmail.com%3E
access.redhat.com/errata/RHSA-2018:2669
access.redhat.com/errata/RHSA-2019:3140
issues.apache.org/jira/browse/THRIFT-3893
lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2016-5397
web.archive.org/web/20210124141102/www.securityfocus.com/bid/103025
Related
ubuntucve
ubuntucve
CVE-2016-5397
2018-02-12 00:00:00
cvelist
cvelist
CVE-2016-5397
2017-01-13 00:00:00
nvd
nvd
CVE-2016-5397
2018-02-12 17:29:00
github
github
Apache Thrift Go Library Command Injection
2022-05-13 01:25:56
cve
cve
CVE-2016-5397
2018-02-12 17:29:00
redhatcve
redhatcve
CVE-2016-5397
2018-02-13 04:49:25
veracode
veracode
Remote Code Execution (RCE)
2018-05-15 05:18:27
prion
prion
Command injection
2018-02-12 17:29:00
debiancve
debiancve
CVE-2016-5397
2018-02-12 17:29:00
osv
osv
CVE-2016-5397
2018-02-12 17:29:00
ibm
ibm
redhat
redhat
(RHSA-2019:3140) Important: Red Hat JBoss Data Virtualization 6.4.8 security update
2019-10-17 14:53:06
(RHSA-2018:2669) Important: Fuse 7.1 security update
2018-09-11 07:52:48