CVE-2016-5397 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-5397 Interim 1 3 2021-06-09T12:44:20Z current 2021-05-30T13:43:45Z 2021-06-09T12:44:20Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-5397 The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0. CVE-2016-5397 important 9 AV:N/AC:L/Au:S/C:C/I:C/A:C 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H