Medium severity4.3NVD Advisory· Published Nov 1, 2017· Updated May 13, 2026
CVE-2017-12625
CVE-2017-12625
Description
Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.hive:hiveMaven | >= 2.1.0, < 2.1.2 | 2.1.2 |
org.apache.hive:hiveMaven | >= 2.2.0, < 2.2.1 | 2.2.1 |
org.apache.hive:hiveMaven | >= 2.3.0, < 2.3.1 | 2.3.1 |
org.apache.hive:hive-execMaven | >= 2.1.0, < 2.1.2 | 2.1.2 |
org.apache.hive:hive-execMaven | >= 2.2.0, < 2.2.1 | 2.2.1 |
org.apache.hive:hive-execMaven | >= 2.3.0, < 2.3.1 | 2.3.1 |
org.apache.hive:hive-serviceMaven | >= 2.1.0, < 2.1.2 | 2.1.2 |
org.apache.hive:hive-serviceMaven | >= 2.2.0, < 2.2.1 | 2.2.1 |
org.apache.hive:hive-serviceMaven | >= 2.3.0, < 2.3.1 | 2.3.1 |
Affected products
1- Apache Software Foundation/Apache Hivev5Range: 2.1.x before 2.1.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- mail-archives.apache.org/mod_mbox/hive-user/201710.mbox/%3C3791103E-80D5-4E75-AF23-6F8ED54DDEBE%40apache.org%3EnvdMailing ListVendor AdvisoryWEB
- www.securityfocus.com/bid/101686nvdThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-2g9q-chq2-w8qwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-12625ghsaADVISORY
News mentions
0No linked articles in our index yet.