VYPR
High severity8.8OSV Advisory· Published Aug 19, 2016· Updated Jun 17, 2026

CVE-2016-0760

CVE-2016-0760

Description

Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions.

Affected products

4
  • Apache/SentryOSV4 versions
    release-1.5.0-rc0, release-1.5.0-rc1, release-1.5.1+ 3 more
    • (no CPE)range: release-1.5.0-rc0, release-1.5.0-rc1, release-1.5.1
    • cpe:2.3:a:apache:sentry:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:sentry:1.6.0:*:*:*:*:*:*:*
    • (no CPE)range: <1.7.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.