PT-2018-4929 · Apache+1 · Apache Thrift+1

Felix Groebert

Published

2017-11-23

Updated

2022-05-13

CVE-2016-5397

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Apache Thrift versions 0.9.3 and older

Description The issue arises from the use of an external formatting tool during code generation, potentially exposing the system to command injection.

Recommendations For Apache Thrift versions 0.9.3 and older, update to Apache Thrift 0.10.0 to resolve the issue.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

ALT-PU-2017-2692

CVE-2016-5397

GHSA-R4M4-PMVW-M6J5

Affected Products

Alt Linux

Apache Thrift

PT-2018-4929 · Apache+1 · Apache Thrift+1

CVE-2016-5397

Weakness Enumeration

Related Identifiers

Affected Products

References · 21