CVE-2016-5397
Summary
| CVE | CVE-2016-5397 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-02-12 17:29:00 UTC |
| Updated | 2023-11-07 02:33:00 UTC |
| Description | The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older. Fixed in Apache Thrift 0.10.0. |
Risk And Classification
Problem Types: CWE-77
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Pony Mail! | MLIST | lists.apache.org | |
| [user] 20170113 [NOTICE]: Apache Thrift Security Vulnerability CVE-2016-5397 | MLIST | mail-archives.apache.org | Mailing List, Vendor Advisory |
| Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Pony Mail! | | lists.apache.org | |
| [THRIFT-3893] Command injection in format_go_output - ASF JIRA | CONFIRM | issues.apache.org | Vendor Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.