org.apache.spark:spark-hive-thriftserver_2.12 is vulnerable to information disclosure. The vulnerability allows someone to decrypt plaintext traffic offline because the library uses a bespoke mutual authentication protocol that allows for full encryption key recovery resulting in disclosure of sensitive information.
CPE | Name | Operator | Version |
---|---|---|---|
spark project hive thrift server | le | 3.1.2 | |
spark project hive thrift server | le | 3.1.2 |