3 matches found
com.amazon.emr:hive2-shims (>=5.0.0 <=5.6.0), com.boozallen.aissemble:extensions-data-delivery-spark (>=1.13.0-rc6 <=2.0.0) +59 more potentially affected by CVE-2018-1315 via org.apache.hive:hive-exec (>=2.1.0 <=2.3.2)
org.apache.hive:hive-exec MAVEN version =2.1.0, =5.0.0, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =4.1.2-RELEASE, =4.0.0-preview22.0.1, =5.6.0, =4.1.0, =4.0.00.31.1-prerelease6, =4.0.0, =4.1.0, =4.2.0 and more Source cves: CVE-2018-1315 Source advisory: OSV:GHSA-P639-XXV5-J...
com.hotels:beeju (=4.0.1), com.mydataharbor:jdbc-hive-2.2.x-plugin (>=1.1.1 <=2.0.2) +45 more potentially affected by CVE-2018-1315 via org.apache.hive:hive-service (>=2.1.0 <=2.3.2)
org.apache.hive:hive-service MAVEN version =2.1.0, =1.1.1, =1.1.0, =5.1.0, =1.15.4, =0.9.1, =0.8.4, =0.8.3, =0.8.3, =0.8.3, =0.8.3, =1.2.0, =2.0.1, =1.2.0, =3.0.6 and more Source cves: CVE-2018-1315 Source advisory: OSV:GHSA-P639-XXV5-J383...
CVE-2018-1315
CVE-2018-1315 affects Apache Hive 2.1.0–2.3.2 when using the HPL/SQL extension and issuing COPY FROM FTP. The FTP client does not verify the destination path, allowing a compromised FTP server to cause the downloaded file to be written to an arbitrary location on the cluster where the command is ...