The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.
References
Configurations
History
07 Nov 2023, 02:33
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2018-02-12 17:29
Updated : 2024-02-28 16:25
NVD link : CVE-2016-5397
Mitre link : CVE-2016-5397
CVE.ORG link : CVE-2016-5397
JSON object : View
Products Affected
apache
- thrift
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')