CVE-2016-5397
PUBLISHED
The Apache Thrift Go client library exposed the potential for command injection during code generation because it used an external formatting tool. Affects Apache Thrift 0.9.3 and older; fixed in Apache Thrift 0.10.0.
Risk Scores
EPSS Score: 22.57% (96.0th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | thrift-compiler | 0, 0.9.1-2.1 |
| Ubuntu:16.04:LTS | thrift-compiler | 0.9.1-2, 0 |
Exploit Intelligence
- https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E (circl)
- [hbase-issues] 20210215 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 opened a new pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210215 [jira] [Work started] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210215 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210215 [GitHub] [hbase] apurtell commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210215 [GitHub] [hbase] apurtell edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210216 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 (circl)
…and 272 more exploits
Timeline
- Feb 12, 2018 CVE Published
- Jun 28, 2021 PoC Published
- Dec 11, 2021 PoC Published
- Dec 13, 2021 PoC Published
- Dec 18, 2021 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jun 7, 2022 PoC Published
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Sep 16, 2022 PoC Published
- Oct 26, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-5397 (third-party-advisory)
- https://issues.apache.org/jira/browse/THRIFT-3893 (third-party-advisory)
- https://github.com/apache/thrift/commit/2007783e874d524a46b818598a45078448ecc53e (third-party-advisory)
- https://www.cve.org/CVERecord?id=CVE-2016-5397 (third-party-advisory)