ID CVE-2016-5397
Summary The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
refmap via4
bid 103025
confirm https://issues.apache.org/jira/browse/THRIFT-3893
mlist [user] 20170113 [NOTICE]: Apache Thrift Security Vulnerability CVE-2016-5397
Last major update 12-02-2018 - 12:29
Published 12-02-2018 - 12:29
Last modified 16-02-2018 - 21:29
Back to Top