Lucene search

K
osvGoogleOSV:GHSA-R4M4-PMVW-M6J5
HistoryMay 13, 2022 - 1:25 a.m.

Apache Thrift Go Library Command Injection

2022-05-1301:25:56
Google
osv.dev
19
apache thrift
go client library
command injection
code generation
external formatting tool
security vulnerability
apache thrift 0.9.3
apache thrift 0.10.0

EPSS

0.005

Percentile

77.2%

The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.

EPSS

0.005

Percentile

77.2%