3 matches found
com.hindog.grid:grid-executor-examples_2.11 (>=1.1.0 <=2.0.1) potentially affected by CVE-2018-1284 via org.apache.hive:hive (=2.1.1)
org.apache.hive:hive MAVEN version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive and may be impacted: - com.hindog.grid:grid-executor-examples2.11 =1.1.0, =2.0.1 Source cves: CVE-2018-1284 Source advisory:...
ai.h2o:h2o-orc-parser (>=3.18.0.9 <=3.46.0.11), com.amazon.emr:hive2-shims (>=5.0.0 <=5.6.0) +109 more potentially affected by CVE-2018-1284 via org.apache.hive:hive-exec (>=0.8.0 <=2.3.2)
org.apache.hive:hive-exec MAVEN version =0.8.0, =3.18.0.9, =5.0.0, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =4.1.2-RELEASE, =0.1.1, =4.0.0-preview22.0.1, =1.0.5, =0.1.5, =0.1.5, =0.3.3 and more Source cves: CVE-2018-1284 Source advisory: OSV:GHSA-RXMR-C9JM-7MM8...
CVE-2018-1284
In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs xpath/xpathstring/xpathboolean/xpathnumber/xpathdouble/xpathfloat/xpathlong/xpathint/xpathshort to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user usually hive if...