Lucene search
+L

189 matches found

Veracode
Veracode
added 2024/12/13 1:30 p.m.12 views

Remote Code Execution (RCE)

org.apache.hive, hive-exec is vulnerable to Remote Code Execution RCE. The vulnerability is due to the unsafe deserialization of arbitrary data using the SerializationUtilitiesdeserializeObjectWithTypeInformation method, which allows attackers to execute arbitrary code if they are authenticated a...

8.3CVSS8.5AI score0.01656EPSS
Exploits0References6Affected Software1
CNVD
CNVD
added 2024/12/13 12:0 a.m.9 views

Apache Hive Code Execution Vulnerability

Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. A code...

8.3CVSS7.7AI score0.01656EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/12/05 12:31 p.m.31 views

Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore

Apache Hive Metastore HMS uses SerializationUtilitiesdeserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution RCE since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be...

8.3CVSS8AI score0.01656EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2024/12/05 12:31 p.m.21 views

GHSA-6HQR-C69M-R76Q Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore

Apache Hive Metastore HMS uses SerializationUtilitiesdeserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution RCE since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be...

8.3CVSS8.6AI score0.01656EPSS
Exploits0References6
NVD
NVD
added 2024/12/05 10:15 a.m.27 views

CVE-2022-41137

Apache Hive Metastore HMS uses SerializationUtilitiesdeserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution RCE since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be...

8.3CVSS0.01656EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/12/05 10:1 a.m.10 views

CVE-2022-41137 Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore

Apache Hive Metastore HMS uses SerializationUtilitiesdeserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution RCE since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be...

7.7AI score0.01656EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/12/05 10:1 a.m.41 views

CVE-2022-41137 Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore

Apache Hive Metastore HMS uses SerializationUtilitiesdeserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution RCE since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be...

0.01656EPSS
Exploits0References4
CVE
CVE
added 2024/12/05 10:1 a.m.125 views

CVE-2022-41137

CVE-2022-41137 describes a vulnerability in Apache Hive Metastore (HMS) where the call to SerializationUtilities#deserializeObjectWithTypeInformation during filtering/fetching partitions is unsafe and can lead to remote code execution (RCE) via deserializing arbitrary data. The exploit requires a...

8.3CVSS7.3AI score0.01656EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/12/05 10:1 a.m.10 views

CVE-2022-41137 Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore

Apache Hive Metastore HMS uses SerializationUtilitiesdeserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution RCE since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be...

8.3CVSS7.4AI score0.01656EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/12/05 12:0 a.m.7 views

Apache Hive 安全漏洞

Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. A code...

8.3CVSS8.3AI score0.01656EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/12/04 12:0 a.m.9 views

PT-2024-11639 · Apache · Apache Hive Metastore

Name of the Vulnerable Software and Affected Versions: Apache Hive Metastore HMS affected versions not specified Description: The issue concerns the use of the SerializationUtilitiesdeserializeObjectWithTypeInformation method when filtering and fetching partitions, which is unsafe and can lead to...

8.3CVSS8.4AI score0.01656EPSS
Exploits0References13
CNVD
CNVD
added 2024/05/09 12:0 a.m.7 views

Apache Hive Code Injection Vulnerability

Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. A code...

6.6CVSS7.5AI score0.01103EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/07 7:59 p.m.66 views

Security Bulletin: Common Vulnerabilities in Cloudera Data Platform Private Cloud Base 7.1.9.

Summary Common vulnerabilities reported in Cloudera Data Platform Private Cloud Base 7.1.9 have been addressed, and are available in Hotfix 2. Vulnerability Details CVEID:CVE-2015-1772 DESCRIPTION: Apache Hive could allow a remote attacker to bypass security restrictions, caused by an error in th...

9CVSS9.9AI score0.53861EPSS
Exploits2Affected Software1
Veracode
Veracode
added 2024/05/06 4:26 a.m.22 views

Code Injection

Apache Hive is vulnerable to Code Injection. The vulnerability is caused by improper sanitization or validation of user-supplied URLs in the openBrowserWindow method within HiveJdbcBrowserClient.java, which allows an authenticated attacker to submit a malicious URL which results in command...

6.6CVSS6.8AI score0.01103EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/05/03 9:30 a.m.46 views

GHSA-VPW3-3PRF-3974 Apache Hive Code Injection vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver client is running. The malicious user must have...

6.6CVSS6.8AI score0.01103EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/05/03 9:30 a.m.37 views

Apache Hive Code Injection vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver client is running. The malicious user must have...

6.6CVSS6.9AI score0.01103EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2024/05/03 9:15 a.m.22 views

CVE-2023-35701

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver client is running. The malicious user must have...

6.6CVSS7.4AI score0.01103EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/03 8:11 a.m.21 views

CVE-2023-35701 Apache Hive: Arbitrary command execution via JDBC driver

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver client is running. The malicious user must have...

6.9AI score0.01103EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/03 8:11 a.m.25 views

CVE-2023-35701 Apache Hive: Arbitrary command execution via JDBC driver

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver client is running. The malicious user must have...

7.7AI score0.01103EPSS
Exploits0References2
CVE
CVE
added 2024/05/03 8:11 a.m.90 views

CVE-2023-35701

Summary (CVE-2023-35701) : The issue is an improper control of code generation (code injection) in the Apache Hive JDBC driver component . It can allow an attacker with sufficient JDBC URL permissions to trigger arbitrary commands on the machine running the JDBC client, by serving a malicious HTT...

6.6CVSS6.9AI score0.01103EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder