Описание
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| thrift-compiler | unfixed | package | ||
| thrift | fixed | 0.10.0-1 | experimental | package |
| thrift | fixed | 0.11.0-3 | package |
Примечания
https://issues.apache.org/jira/browse/THRIFT-3893
https://github.com/apache/thrift/commit/2007783e874d524a46b818598a45078448ecc53e
Fixed in 0.10.0 upstream, and in experimental src:thrift/0.10.0-1 is present
src:thrift only present in experimental
Go bindings only enabled in 0.9.3-2 (not yet in unstable)
Only ever affected src:thrift in experimental, and fixed in src:thrift/0.10.0-1
so any future upload of thrift to unstable can mark this item as <not-affected>
(fixed before the initial upload to Debian unstable)
EPSS
Связанные уязвимости
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.
EPSS