mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-30 18:04:30 +00:00
78 lines
2.6 KiB
JSON
78 lines
2.6 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "security@apache.org",
|
|
"DATE_PUBLIC": "2017-01-13T00:00:00",
|
|
"ID": "CVE-2016-5397",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Apache Thrift",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "versions prior to 0.10.0"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Apache Software Foundation"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Command Injection"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "103025",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/103025"
|
|
},
|
|
{
|
|
"name": "RHSA-2018:2669",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2018:2669"
|
|
},
|
|
{
|
|
"name": "https://issues.apache.org/jira/browse/THRIFT-3893",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://issues.apache.org/jira/browse/THRIFT-3893"
|
|
},
|
|
{
|
|
"name": "[user] 20170113 [NOTICE]: Apache Thrift Security Vulnerability CVE-2016-5397",
|
|
"refsource": "MLIST",
|
|
"url": "http://mail-archives.apache.org/mod_mbox/thrift-user/201701.mbox/raw/%3CCANyrgvc3W%3DMJ9S-hMZecPNzxkyfgNmuSgVfW2hdDSz5ke%2BOPhQ%40mail.gmail.com%3E"
|
|
}
|
|
]
|
|
}
|
|
} |