6 matches found
com.pingcap.tispark:spark-wrapper-spark-2.4 (>=2.4.4-scala_2.12 <=2.4.4-scala_2.12-RC2), com.pingcap.tispark:spark-wrapper-spark-3.0 (>=2.5.0 <=2.5.3) +21 more potentially affected by CVE-2024-23945 via org.apache.spark:spark-hive-thriftserver_2.12 (>=2.4.8 <=3.3.1)
org.apache.spark:spark-hive-thriftserver2.12 MAVEN version =2.4.8, =2.4.4-scala2.12, =2.5.0, =3.0.1, =2.5.0, =3.0.1, =3.0.1, =3.1.0, =2.4.4-scala2.12, =2.5.1, =3.0.1, =2.5.1, =3.0.1, =3.0.1, =3.1.0, =2.4.4-scala2.12, =3.2.3 and more Source cves: CVE-2024-23945 Source advisory:...
co.elastic.release-test:dist (=9.0.4), co.elastic.release-test:elasticsearch-hadoop-hive (=9.0.4) +194 more potentially affected by CVE-2024-23945 via org.apache.hive:hive-service (>=1.2.0 <=4.0.0-beta-1)
org.apache.hive:hive-service MAVEN version =1.2.0, =5.0.0, =1.7.0, =3.0.0, =0.1.1, =2.0.1-preview, =2.0.0, =5.0.1 - com.hotels:mutant-swarm =1.1.0 - com.hotels:waggle-dance =4.0.0 - com.hotels:waggle-dance-boot =4.0.0 - com.hotels:waggle-dance-core =4.0.0 and more Source cves: CVE-2024-23945 Sour...
CVE-2024-23945
Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s servic...
CVE-2024-23945 Apache Hive, Apache Spark, Apache Spark: CookieSigner exposes the correct signature when message verification fails
Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s servic...
CVE-2024-23945
CVE-2024-23945 → CookieSigner exposes the correct cookie signature to end users when a signature mismatch occurs. Affected: Hive service component and Spark Hive-ThriftServer (versions tied to HIVE-9710 1.2.0 and SPARK-14987 2.0.0). Root cause: flawed CookieSigner logic allows exposure of the sig...
CVE-2024-23945 Apache Hive, Apache Spark, Apache Spark: CookieSigner exposes the correct signature when message verification fails
Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s servic...