Unauthorized Write To Arbitrary Location
Hive HPL/SQL is vulnerable to unauthorized write to arbitrary location. FTP client in HPL/SQL fails to validate the download destination location for COPY FROM FTP statement, thereby allowing a malicious FTP server to run the command to download the file to any location...