CVE-2016-5397 – github.com/apache/thrift
Package
Manager: go
Name: github.com/apache/thrift
Vulnerable Version: >=0 <0.10.0
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.07814 (percentile 0.91626)
Details
Apache Thrift Go Library Command Injection
The Apache Thrift Go client library exposed the potential for command injection during code generation because it used an external formatting tool. Affects Apache Thrift 0.9.3 and older; fixed in Apache Thrift 0.10.0.
Metadata
Created: 2022-05-13T01:25:56Z
Modified: 2023-07-31T18:21:59Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r4m4-pmvw-m6j5/GHSA-r4m4-pmvw-m6j5.json
CWE IDs: ["CWE-77"]
Alternative ID: GHSA-r4m4-pmvw-m6j5
Finding: F422
Auto approve: 1