GHSA-r4m4-pmvw-m6j5
Suggest an improvement- Source
- https://github.com/advisories/GHSA-r4m4-pmvw-m6j5
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r4m4-pmvw-m6j5/GHSA-r4m4-pmvw-m6j5.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-r4m4-pmvw-m6j5
- Aliases
- Published
- 2022-05-13T01:25:56Z
- Modified
- 2023-11-01T04:47:02.502881Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Apache Thrift Go Library Command Injection
- Details
-
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.
- Database specific
{ "nvd_published_at": "2018-02-12T17:29:00Z", "cwe_ids": [ "CWE-77" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-07-31T18:21:59Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2016-5397
- https://access.redhat.com/errata/RHSA-2018:2669
- https://access.redhat.com/errata/RHSA-2019:3140
- https://issues.apache.org/jira/browse/THRIFT-3893
- https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E
- https://web.archive.org/web/20210124141102/http://www.securityfocus.com/bid/103025
- http://mail-archives.apache.org/mod_mbox/thrift-user/201701.mbox/raw/%3CCANyrgvc3W%3DMJ9S-hMZecPNzxkyfgNmuSgVfW2hdDSz5ke%2BOPhQ%40mail.gmail.com%3E
Affected packages
Go / github.com/apache/thrift
Package
- Name
- github.com/apache/thrift
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/apache/thrift