CVE-2016-5397
HIGH 8.8 | EPSS 22.6% | Apache Thrift Go Library Command Injection
Published: 2022/5/13 | Modified: 2026/4/28
Description
The Apache Thrift Go client library exposed the potential for command injection during code generation because it used an external formatting tool. Affects Apache Thrift 0.9.3 and older; fixed in Apache Thrift 0.10.0.
Affected packages (2)
- Debian/thrift: from 0, < 0.11.0-3
- Go/github.com/apache/thrift: from 0, < 0.10.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References (8)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2016-5397
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2016-5397
- WEB: http://mail-archives.apache.org/mod_mbox/thrift-user/201701.mbox/raw/%3CCANyrgvc3W%3DMJ9S-hMZecPNzxkyfgNmuSgVfW2hdDSz5ke%2BOPhQ%40mail.gmail.com%3E
- WEB: https://access.redhat.com/errata/RHSA-2018:2669
- WEB: https://access.redhat.com/errata/RHSA-2019:3140
- WEB: https://issues.apache.org/jira/browse/THRIFT-3893
- WEB: https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E
- WEB: https://web.archive.org/web/20210124141102/http://www.securityfocus.com/bid/103025