Candidate: CVE-2016-5397
PublicDate: 2018-02-12 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5397
 https://issues.apache.org/jira/browse/THRIFT-3893
 https://github.com/apache/thrift/commit/2007783e874d524a46b818598a45078448ecc53e
Description:
 The Apache Thrift Go client library exposed the potential during code
 generation for command injection due to using an external formatting tool.
 Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894577
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_thrift-compiler:
upstream_thrift-compiler: needs-triage
precise/esm_thrift-compiler: DNE
trusty_thrift-compiler: ignored (out of standard support)
trusty/esm_thrift-compiler: DNE
xenial_thrift-compiler: ignored (end of standard support, was needed)
bionic_thrift-compiler: needed
focal_thrift-compiler: DNE
groovy_thrift-compiler: DNE
hirsute_thrift-compiler: DNE
impish_thrift-compiler: DNE
jammy_thrift-compiler: DNE
devel_thrift-compiler: DNE

Patches_thrift:
upstream_thrift: released (0.11.0-3)
precise/esm_thrift: DNE
trusty_thrift: ignored (out of standard support)
trusty/esm_thrift: DNE
xenial_thrift: DNE
bionic_thrift: DNE
focal_thrift: not-affected (0.13.0-2build2)
groovy_thrift: not-affected
hirsute_thrift: not-affected
impish_thrift: not-affected
jammy_thrift: not-affected
devel_thrift: not-affected