12 matches found
Improper Access Control
org.apache.hive:hive-exec is vulnerable to Improper Access Control. The vulnerability is due to insecure file permissions due to the credentials file being created with default permissions of 644 in a temporary directory, allowing unauthorized users to read sensitive information...
ai.chronon:flink_2.12 (>=0.0.62 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:online_2.12 (>=0.0.25 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +555 more potentially affected by CVE-2024-29869 via org.apache.hive:hive-exec (>=0.8.0 <=4.0.0)
org.apache.hive:hive-exec MAVEN version =0.8.0, =0.0.62, =0.0.25, =0.0.25, =0.0.86, =0.0.8, =0.0.6, =3.18.0.9, =6.5.0, =1.5.8, =0.2.7, =1.3.3, =1.4.0, =1.0.0, =2.0.0, =3.1.0 and more Source cves: CVE-2024-29869 Source advisory: OSV:GHSA-C476-J253-5RGQ...
org.apache.hive.hcatalog:hive-hcatalog-core (=4.0.0-alpha-1), org.apache.hive.hcatalog:hive-hcatalog-pig-adapter (=4.0.0-alpha-1) +18 more potentially affected by CVE-2022-41137 via org.apache.hive:hive-exec (=4.0.0-alpha-1)
org.apache.hive:hive-exec MAVEN version =4.0.0-alpha-1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-exec and may be impacted: - org.apache.hive.hcatalog:hive-hcatalog-core =4.0.0-alpha-1 -...
ai.h2o:h2o-orc-parser (>=3.18.0.9 <=3.46.0.11), com.linkedin.tony:tony-cli (>=0.1.5 <=0.3.3) +3 more potentially affected by CVE-2015-1772 via org.apache.hive:hive-exec (=1.1.0)
org.apache.hive:hive-exec MAVEN version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-exec and may be impacted: - ai.h2o:h2o-orc-parser =3.18.0.9, =0.1.5, =0.1.5, =0.11.0, =0.11.1 Source cves: CVE-2015-1772 Source advisory...
io.druid.extensions.contrib:druid-orc-extensions (>=0.10.0 <=0.12.3), org.apache.tajo:tajo-hive (>=0.11.2 <=0.11.3) potentially affected by CVE-2016-3083 via org.apache.hive:hive-exec (=2.0.0)
org.apache.hive:hive-exec MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-exec and may be impacted: - io.druid.extensions.contrib:druid-orc-extensions =0.10.0, =0.11.2, =0.11.3 Source cves: CVE-2016-3083 Source...
ai.h2o:h2o-orc-parser (>=3.18.0.9 <=3.46.0.11), com.linkedin.tony:tony-cli (>=0.1.5 <=0.3.3) +36 more potentially affected by CVE-2016-3083 via org.apache.hive:hive-exec (>=0.8.0 <=1.2.1)
org.apache.hive:hive-exec MAVEN version =0.8.0, =3.18.0.9, =0.1.5, =0.1.5, =0.1.0, =0.1.0, =0.1.0, =6.5.0, =6.5.0, =6.5.0, =6.5.0, =6.8.3 and more Source cves: CVE-2016-3083 Source advisory: OSV:GHSA-GF2V-9HP6-44QG...
com.amazon.emr:hive2-shims (>=5.0.0 <=5.6.0), com.scylladb.alternator:hive2-shims (>=5.6.0 <=5.8.0) potentially affected by CVE-2017-12625 via org.apache.hive:hive-exec (=2.3.0)
org.apache.hive:hive-exec MAVEN version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-exec and may be impacted: - com.amazon.emr:hive2-shims =5.0.0, =5.6.0, =5.8.0 Source cves: CVE-2017-12625 Source advisory:...
ai.h2o:h2o-orc-parser (>=3.18.0.9 <=3.46.0.11), com.amazon.emr:hive2-shims (>=5.0.0 <=5.6.0) +114 more potentially affected by CVE-2018-11777 via org.apache.hive:hive-exec (>=0.8.0 <=2.3.3)
org.apache.hive:hive-exec MAVEN version =0.8.0, =3.18.0.9, =5.0.0, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =4.1.2-RELEASE, =0.1.1, =4.0.0-preview22.0.1, =1.0.5, =0.1.5, =0.1.5, =0.3.3 and more Source cves: CVE-2018-11777 Source advisory: OSV:GHSA-RRFQ-G5FQ-FC9C...
ai.h2o:h2o-orc-parser (>=3.18.0.9 <=3.46.0.11), com.amazon.emr:hive2-shims (>=5.0.0 <=5.6.0) +109 more potentially affected by CVE-2018-1284 via org.apache.hive:hive-exec (>=0.8.0 <=2.3.2)
org.apache.hive:hive-exec MAVEN version =0.8.0, =3.18.0.9, =5.0.0, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =4.1.2-RELEASE, =0.1.1, =4.0.0-preview22.0.1, =1.0.5, =0.1.5, =0.1.5, =0.3.3 and more Source cves: CVE-2018-1284 Source advisory: OSV:GHSA-RXMR-C9JM-7MM8...
com.amazon.emr:hive2-shims (>=5.0.0 <=5.6.0), com.boozallen.aissemble:extensions-data-delivery-spark (>=1.13.0-rc6 <=2.0.0) +59 more potentially affected by CVE-2018-1315 via org.apache.hive:hive-exec (>=2.1.0 <=2.3.2)
org.apache.hive:hive-exec MAVEN version =2.1.0, =5.0.0, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =4.1.2-RELEASE, =4.0.0-preview22.0.1, =5.6.0, =4.1.0, =4.0.00.31.1-prerelease6, =4.0.0, =4.1.0, =4.2.0 and more Source cves: CVE-2018-1315 Source advisory: OSV:GHSA-P639-XXV5-J...
Information Disclosure
hive-exec is vulnerable to an information disclosure.The library does not properly handle permissions of entities in an EXPLAIN operation, allowing a malicious user to use the operation to gain access to sensitive information in an arbitrary table, view, metadata or statistics...
Leakage Of File And Folder Information
hive-exec is vulnerable to the leakage of file and folder information. The file and folder information is being logged when a query is canceled and the thread is interrupted...