CVE-2016-5397 — Vulnetix

Try Vulnetix Request Demo

CVE-2016-5397 PUBLISHED

The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.

EPSS 22.57% · 95.8th percentile

Risk Scores

EPSS Score

22.57%

95.8th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	thrift-compiler	0, 0.9.1-2.1
Ubuntu:16.04:LTS	thrift-compiler	0, 0.9.1-2

Timeline

Feb 12, 2018 CVE Published
Jun 28, 2021 PoC Published
Dec 11, 2021 PoC Published
Dec 13, 2021 PoC Published
Dec 18, 2021 PoC Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jun 7, 2022 PoC Published
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Sep 16, 2022 PoC Published
Oct 23, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2016-5397 third-party-advisory
https://issues.apache.org/jira/browse/THRIFT-3893 third-party-advisory
https://github.com/apache/thrift/commit/2007783e874d524a46b818598a45078448ecc53e third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2016-5397 third-party-advisory

Open in Interactive Console →