QID 980867
QID 980867: Java (maven) Security Update for org.apache.hive:hive-service (GHSA-rxmr-c9jm-7mm8)
In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually hive) if hive.server2.enable.doAs=false.
Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user.
Solution
Customers are advised to refer to GHSA-rxmr-c9jm-7mm8 for updates pertaining to this vulnerability.
Vendor References
- GHSA-rxmr-c9jm-7mm8 -
github.com/advisories/GHSA-rxmr-c9jm-7mm8
CVEs related to QID 980867
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-rxmr-c9jm-7mm8 | org.apache.hive:hive |
|
|
| GHSA-rxmr-c9jm-7mm8 | org.apache.hive:hive-exec |
|
|
| GHSA-rxmr-c9jm-7mm8 | org.apache.hive:hive-service |
|