CVE-2016-5397

Published: 2/12/2018 Last updated: 9/16/2024 Reserved: 6/10/2016

The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.

CNA assigner: apache (f0158376-9dc2-43b6-827c-5f631a4d8d09) Requested by: n/a

Opam packages affected (1)

thrift

Products affected (1)

Product	Vendor	Version
Apache Thrift	Apache Software Foundation	n/a

References (12)

http://www.securityfocus.com/bid/103025
https://access.redhat.com/errata/RHSA-2018:2669
https://issues.apache.org/jira/browse/THRIFT-3893
http://mail-archives.apache.org/mod_mbox/thrift-user/201701.mbox/raw/%3CCANyrgvc3W=MJ9S-hMZecPNzxkyfgNmuSgVfW2hdDSz5ke+OPhQ@mail.gmail.com%3E
https://access.redhat.com/errata/RHSA-2019:3140
https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E
http://www.securityfocus.com/bid/103025
https://access.redhat.com/errata/RHSA-2018:2669
https://issues.apache.org/jira/browse/THRIFT-3893
http://mail-archives.apache.org/mod_mbox/thrift-user/201701.mbox/raw/%3CCANyrgvc3W=MJ9S-hMZecPNzxkyfgNmuSgVfW2hdDSz5ke+OPhQ@mail.gmail.com%3E
https://access.redhat.com/errata/RHSA-2019:3140
https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E