CVE-2016-5397

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://issues.apache.org/jira/browse/THRIFT-3893", "name": "https://issues.apache.org/jira/browse/THRIFT-3893", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://mail-archives.apache.org/mod_mbox/thrift-user/201701.mbox/raw/%3CCANyrgvc3W%3DMJ9S-hMZecPNzxkyfgNmuSgVfW2hdDSz5ke%2BOPhQ%40mail.gmail.com%3E", "name": "[user] 20170113 [NOTICE]: Apache Thrift Security Vulnerability CVE-2016-5397", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "http://www.securityfocus.com/bid/103025", "name": "103025", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "https://access.redhat.com/errata/RHSA-2018:2669", "name": "RHSA-2018:2669", "tags": [], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3140", "name": "RHSA-2019:3140", "tags": [], "refsource": "REDHAT"}, {"url": "https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E", "name": "[cassandra-commits] 20200604 [jira] [Created] (CASSANDRA-15856) Security vulnerabilities with dependency jars of Cassandra 3.11.6", "tags": [], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-77"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2016-5397", "ASSIGNER": "security@apache.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}}, "publishedDate": "2018-02-12T17:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apache:thrift:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "0.9.3"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-06-04T17:15Z"}