CVE-2016-0760

2016-08-1921:00:00

redhat

www.cve.org

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.6%

JSON

Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions.

References

mail-archives.apache.org/mod_mbox/sentry-dev/201608.mbox/%3CCACMN7ixDqDyOZGLEvsMUVHBiJ6crq8zdy%2B2mNfRooNhnk7CJ1g%40mail.gmail.com%3E

www.securityfocus.com/bid/92328