2 matches found
CVE-2022-41137
A flaw was found in the Apache Hive Metastore (HMS). This vulnerability allows remote code execution (RCE) via deserialization of arbitrary data when the SerializationUtilities#deserializeObjectWithTypeInformation method filters and fetches partitions without additional input validation. In real...
Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore
Apache Hive Metastore (HMS) uses the SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions. This method is unsafe and can lead to Remote Code Execution (RCE) since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be...