This vulnerability in the Apache Hive JDBC driver, versions 0.7.1 to 2.3.2, allows carefully crafted arguments to bypass the argument escaping/cleanup that the JDBC driver performs in its PreparedStatement implementation.
9.1 CVSS
8.9 AI Score
0.001 EPSS
Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set.
9.8 CVSS
9.4 AI Score
0.005 EPSS