Apache Hive is vulnerable to collision attacks. The vulnerability is possible because it uses the weak hashing algorithm, SHA-1, in src/java/org/apache/hive/service/CookieSigner.java
and src/java/org/apache/hadoop/hive/ql/udf/generic/GenericUDFMaskHash.java
allowing the attackers to easily perform collsion attacks. This is related to CVE-2005-4900.