Input validation

2016-08-1921:59:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.6%

JSON

Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions.

CPENameOperatorVersion
sentryeq1.6.0
sentryeq1.5.1

CPE	Name	Operator	Version
	sentry	eq	1.6.0
	sentry	eq	1.5.1

References

mail-archives.apache.org/mod_mbox/sentry-dev/201608.mbox/%3CCACMN7ixDqDyOZGLEvsMUVHBiJ6crq8zdy%2B2mNfRooNhnk7CJ1g%40mail.gmail.com%3E

www.securityfocus.com/bid/92328