CVE-2016-5397

Summary

The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Thriftversions prior to 0.10.0affected

Weaknesses

  • Command Injection

ADP Enrichment

CVE Program Container

Additional References

References