CVE-2016-5397
CVE-2016-5397
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.
Productos afectados
Apache Software Foundation · Apache Thrift¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://mail-archives.apache.org/mod_mbox/thrift-user/201701.mbox/raw/%3CCANyrgvc3W%3DMJ9S-hMZecPNzxkyfgNmuSgVfW2hdDSz5ke%2BOPhQ%40mail.gmail.com%3Ehttps://access.redhat.com/errata/RHSA-2018:2669https://access.redhat.com/errata/RHSA-2019:3140https://issues.apache.org/jira/browse/THRIFT-3893https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3Ehttp://www.securityfocus.com/bid/103025