189 matches found
Remote Code Execution (RCE)
org.apache.hive, hive-exec is vulnerable to Remote Code Execution RCE. The vulnerability is due to the unsafe deserialization of arbitrary data using the SerializationUtilitiesdeserializeObjectWithTypeInformation method, which allows attackers to execute arbitrary code if they are authenticated a...
Apache Hive Code Execution Vulnerability
Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. A code...
Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore
Apache Hive Metastore HMS uses SerializationUtilitiesdeserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution RCE since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be...
GHSA-6HQR-C69M-R76Q Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore
Apache Hive Metastore HMS uses SerializationUtilitiesdeserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution RCE since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be...
CVE-2022-41137
Apache Hive Metastore HMS uses SerializationUtilitiesdeserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution RCE since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be...
CVE-2022-41137 Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore
Apache Hive Metastore HMS uses SerializationUtilitiesdeserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution RCE since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be...
CVE-2022-41137 Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore
Apache Hive Metastore HMS uses SerializationUtilitiesdeserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution RCE since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be...
CVE-2022-41137
CVE-2022-41137 describes a vulnerability in Apache Hive Metastore (HMS) where the call to SerializationUtilities#deserializeObjectWithTypeInformation during filtering/fetching partitions is unsafe and can lead to remote code execution (RCE) via deserializing arbitrary data. The exploit requires a...
CVE-2022-41137 Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore
Apache Hive Metastore HMS uses SerializationUtilitiesdeserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution RCE since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be...
Apache Hive 安全漏洞
Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. A code...
PT-2024-11639 · Apache · Apache Hive Metastore
Name of the Vulnerable Software and Affected Versions: Apache Hive Metastore HMS affected versions not specified Description: The issue concerns the use of the SerializationUtilitiesdeserializeObjectWithTypeInformation method when filtering and fetching partitions, which is unsafe and can lead to...
Apache Hive Code Injection Vulnerability
Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. A code...
Security Bulletin: Common Vulnerabilities in Cloudera Data Platform Private Cloud Base 7.1.9.
Summary Common vulnerabilities reported in Cloudera Data Platform Private Cloud Base 7.1.9 have been addressed, and are available in Hotfix 2. Vulnerability Details CVEID:CVE-2015-1772 DESCRIPTION: Apache Hive could allow a remote attacker to bypass security restrictions, caused by an error in th...
Code Injection
Apache Hive is vulnerable to Code Injection. The vulnerability is caused by improper sanitization or validation of user-supplied URLs in the openBrowserWindow method within HiveJdbcBrowserClient.java, which allows an authenticated attacker to submit a malicious URL which results in command...
GHSA-VPW3-3PRF-3974 Apache Hive Code Injection vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver client is running. The malicious user must have...
Apache Hive Code Injection vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver client is running. The malicious user must have...
CVE-2023-35701
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver client is running. The malicious user must have...
CVE-2023-35701 Apache Hive: Arbitrary command execution via JDBC driver
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver client is running. The malicious user must have...
CVE-2023-35701 Apache Hive: Arbitrary command execution via JDBC driver
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver client is running. The malicious user must have...
CVE-2023-35701
Summary (CVE-2023-35701) : The issue is an improper control of code generation (code injection) in the Apache Hive JDBC driver component . It can allow an attacker with sufficient JDBC URL permissions to trigger arbitrary commands on the machine running the JDBC client, by serving a malicious HTT...