{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T14:33:49.947","vulnerabilities":[{"cve":{"id":"CVE-2016-5397","sourceIdentifier":"security@apache.org","published":"2018-02-12T17:29:00.213","lastModified":"2024-11-21T02:54:14.087","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0."},{"lang":"es","value":"La biblioteca del cliente Apache Thrift Go expuso su potencial para inyección de comandos durante la generación de código debido al uso de una herramienta de formateo externa. Las versiones 0.9.3 y anteriores de Apache Thrift se han visto afectadas; se ha solucionado en Apache Thrift 0.10.0."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:thrift:*:*:*:*:*:*:*:*","versionEndIncluding":"0.9.3","matchCriteriaId":"8C0E41E6-879D-4A9A-B863-D05F6266574E"}]}]}],"references":[{"url":"http://mail-archives.apache.org/mod_mbox/thrift-user/201701.mbox/raw/%3CCANyrgvc3W%3DMJ9S-hMZecPNzxkyfgNmuSgVfW2hdDSz5ke%2BOPhQ%40mail.gmail.com%3E","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/103025","source":"security@apache.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2018:2669","source":"security@apache.org"},{"url":"https://access.redhat.com/errata/RHSA-2019:3140","source":"security@apache.org"},{"url":"https://issues.apache.org/jira/browse/THRIFT-3893","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3E","source":"security@apache.org"},{"url":"http://mail-archives.apache.org/mod_mbox/thrift-user/201701.mbox/raw/%3CCANyrgvc3W%3DMJ9S-hMZecPNzxkyfgNmuSgVfW2hdDSz5ke%2BOPhQ%40mail.gmail.com%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/103025","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2018:2669","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2019:3140","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://issues.apache.org/jira/browse/THRIFT-3893","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}