CVE-2024-23945

Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s servic...

OESA-2025-1039 spark security update

Apache Spark achieves high performance for both batch and streaming data, using a state-of-the-art DAG scheduler, a query optimizer, and a physical execution engine. Security Fixes: Signing cookies is an application security feature that adds a digital signature to cookie data to verify its...

co.elastic.release-test:dist (=9.0.4), co.elastic.release-test:elasticsearch-hadoop-hive (=9.0.4) +194 more potentially affected by CVE-2024-23945 via org.apache.hive:hive-service (>=1.2.0 <=4.0.0-beta-1)

org.apache.hive:hive-service MAVEN version =1.2.0, =5.0.0, =1.7.0, =3.0.0, =0.1.1, =2.0.1-preview, =2.0.0, =5.0.1 - com.hotels:mutant-swarm =1.1.0 - com.hotels:waggle-dance =4.0.0 - com.hotels:waggle-dance-boot =4.0.0 - com.hotels:waggle-dance-core =4.0.0 and more Source cves: CVE-2024-23945 Sour...

GHSA-77PM-W3HX-F8MJ Apache Hive and Spark: CookieSigner exposes the correct signature when message verification fails

Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s servic...

org.apache.hive:hive-beeline (=1.0.0), org.apache.hive:hive-jdbc (=1.0.0) potentially affected by CVE-2015-1772 via org.apache.hive:hive-service (=1.0.0)

org.apache.hive:hive-service MAVEN version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-service and may be impacted: - org.apache.hive:hive-beeline =1.0.0 - org.apache.hive:hive-jdbc =1.0.0 Source cves: CVE-2015-1772 Sour...

com.webank.wedatasphere.dss:dolphinscheduler-prod-metrics (>=1.1.0 <=1.2.2), com.wgzhao.addax:hivereader (>=5.1.0 <=6.0.11) +28 more potentially affected by CVE-2017-12625 via org.apache.hive:hive-service (>=2.1.0 <=2.1.1)

org.apache.hive:hive-service MAVEN version =2.1.0, =1.1.0, =5.1.0, =1.15.4, =1.2.0, =2.0.1, =1.2.0, =1.2.0, =1.2.0, =2.0.1, =2.0.1, =3.0.0, =2.0.0, =3.0.0, =3.0.0, =3.0.6 and more Source cves: CVE-2017-12625 Source advisory: OSV:GHSA-2G9Q-CHQ2-W8QWhttps://vulners.com/osv/OSV:GHSA-2G9Q...

com.mydataharbor:jdbc-hive-2.2.x-plugin (>=1.1.1 <=2.0.2) potentially affected by CVE-2017-12625 via org.apache.hive:hive-service (=2.2.0)

org.apache.hive:hive-service MAVEN version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-service and may be impacted: - com.mydataharbor:jdbc-hive-2.2.x-plugin =1.1.1, =2.0.2 Source cves: CVE-2017-12625 Source advisory:...

com.ge.research.semtk:arangoDbService (=2.2.2), com.ge.research.semtk:athenaService (=2.2.2) +129 more potentially affected by CVE-2018-1314 via org.apache.hive:hive-jdbc (>=0.11.0 <=2.3.2)

org.apache.hive:hive-jdbc MAVEN version =0.11.0, =2.2.1, =2.2.1, =2.2.1, =2.2.2 - com.ge.research.semtk:sparqlGraphResultsService =2.2.2 and more Source cves: CVE-2018-1314 Source advisory: OSV:GHSA-JMF4-PQ78-F8VJ...

com.hotels:beeju (=4.0.1), com.mydataharbor:jdbc-hive-2.2.x-plugin (>=1.1.1 <=2.0.2) +45 more potentially affected by CVE-2018-1315 via org.apache.hive:hive-service (>=2.1.0 <=2.3.2)

org.apache.hive:hive-service MAVEN version =2.1.0, =1.1.1, =1.1.0, =5.1.0, =1.15.4, =0.9.1, =0.8.4, =0.8.3, =0.8.3, =0.8.3, =0.8.3, =1.2.0, =2.0.1, =1.2.0, =3.0.6 and more Source cves: CVE-2018-1315 Source advisory: OSV:GHSA-P639-XXV5-J383...