Description
During code generation, the Apache Thrift Go client library exposed the potential for command injection because it used an external formatting tool. Affected: Apache Thrift 0.9.3 and older. Fixed in Apache Thrift 0.10.0.
Statement
libthrift is a library used by OpenDaylight, which is shipped with Red Hat OpenStack. Whilst the version of the library used contains the vulnerable code, it is not used by OpenDaylight and hence not exposed. JBoss Fuse 6.3 ships libthrift via the insight-activemq fabric-8 profile; however, the vulnerable code is not used by fabric-8, so Fuse 6.3 is not affected.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | thrift | Not affected | | |
| Red Hat JBoss Fuse 6 | karaf | Not affected | | |
| Red Hat JBoss Fuse Integration Service 2 | libthrift | Affected | | |
| Red Hat JBoss Fuse Service Works 6 | thrift | Not affected | | |
| Red Hat JBoss Operations Network 3 | libthrift | Not affected | | |
| Red Hat OpenShift Enterprise 3 | thrift | Not affected | | |
| Red Hat OpenStack Platform 10 (Newton) | libthrift | Will not fix | | |
| Red Hat OpenStack Platform 11 (Ocata) | libthrift | Will not fix | | |
| Red Hat OpenStack Platform 12 (Pike) | libthrift | Will not fix | | |
| Red Hat OpenStack Platform 13 (Queens) | opendaylight | Will not fix | | |
Additional information
Status:
EPSS
CVSS3: 7.8 High