← voltar
CVE-2016-5397

CVE-2016-5397

EPSS 7.1%
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 7.1%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
12 fev 2018Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.
Produtos afetados
Apache Software Foundation · Apache Thrift

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://mail-archives.apache.org/mod_mbox/thrift-user/201701.mbox/raw/%3CCANyrgvc3W%3DMJ9S-hMZecPNzxkyfgNmuSgVfW2hdDSz5ke%2BOPhQ%40mail.gmail.com%3Ehttps://access.redhat.com/errata/RHSA-2018:2669https://access.redhat.com/errata/RHSA-2019:3140https://issues.apache.org/jira/browse/THRIFT-3893https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3Ehttp://www.securityfocus.com/bid/103025