CVE-2020-13949
CVE-2020-13949 affects Apache Thrift versions 0.9.3 through 0.13.0. The issue: malicious RPC clients can send short messages that trigger extremely large memory allocations, leading to a denial of service. The connected advisories confirm a remote DoS risk in Thrift with impact on servers handlin...
CVE-2021-34538
CVE-2021-34538 affects Apache Hive (before 3.1.3). The vulnerability arises when performing CREATE and DROP operations for UDFs, as authorization checks for involved entities are missing. This could allow an unauthorized user to drop and recreate UDFs and point them to new jars that may be malici...
CVE-2020-1926
CVE-2020-1926 affects Apache Hive: cookie signature verification used a non-constant-time comparison, enabling timing attacks that could recover another user’s cookie signature. The issue is addressed in Apache Hive 2.3.8. Connected references describe the vulnerability as an information-disclosu...