Apache Hive is vulnerable to Code Injection. The vulnerability is caused by improper sanitization or validation of user-supplied URLs in the openBrowserWindow
method within HiveJdbcBrowserClient.java
, which allows an authenticated attacker to submit a malicious URL which results in command injection.
CPE | Name | Operator | Version |
---|---|---|---|
hive jdbc | le | 4.0.0-beta-1 | |
hive jdbc | le | 4.0.0-beta-1 |