Hive Security Vulnerabilities and Issues — Hive CVE List

Lucene search

ApacheHive

3 matches found

CVE•added 2024/12/05 10:15 a.m.•108 views

CVE-2022-41137

Apache Hive Metastore (HMS) uses SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution (RCE) since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be ...

8.3CVSS7.3AI score0.03869EPSS

CVE•added 2016/01/29 8:59 p.m.•73 views

CVE-2015-7521

The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.

8.3CVSS8.1AI score0.00404EPSS

CVE•added 2018/11/08 2:29 p.m.•66 views

CVE-2018-11777

In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.

8.1CVSS7.9AI score0.00413EPSS