3 matches found
org.apache.hive.hcatalog:hive-hcatalog-core (=4.0.0-alpha-1), org.apache.hive.hcatalog:hive-hcatalog-pig-adapter (=4.0.0-alpha-1) +18 more potentially affected by CVE-2022-41137 via org.apache.hive:hive-exec (=4.0.0-alpha-1)
org.apache.hive:hive-exec MAVEN version =4.0.0-alpha-1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-exec and may be impacted: - org.apache.hive.hcatalog:hive-hcatalog-core =4.0.0-alpha-1 -...
CVE-2022-41137
creationtimestamp| type| source ---|---|--- 2024-12-05 10:06:44+00:00| seen| https://infosec.exchange/users/cve/statuses/113599657042916914 2024-12-05 12:50:46+00:00| seen| https://t.me/cvedetector/12076...
CVE-2022-41137
CVE-2022-41137 describes a vulnerability in Apache Hive Metastore (HMS) where the call to SerializationUtilities#deserializeObjectWithTypeInformation during filtering/fetching partitions is unsafe and can lead to remote code execution (RCE) via deserializing arbitrary data. The exploit requires a...