3 matches found
GHSA-6HQR-C69M-R76Q Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore
Apache Hive Metastore HMS uses SerializationUtilitiesdeserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution RCE since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be...
CVE-2022-41137 Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore
Apache Hive Metastore HMS uses SerializationUtilitiesdeserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution RCE since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be...
PT-2024-11639 · Apache · Apache Hive Metastore
Name of the Vulnerable Software and Affected Versions: Apache Hive Metastore HMS affected versions not specified Description: The issue concerns the use of the SerializationUtilitiesdeserializeObjectWithTypeInformation method when filtering and fetching partitions, which is unsafe and can lead to...