VYPR

Maven package

org.apache.hive/hive-common

pkg:maven/org.apache.hive/hive-common

Vulnerabilities (1)

  • CVE-2025-62728Nov 26, 2025
    affected >= 4.1.0, < 4.2.0fixed 4.2.0

    SQL injection vulnerability in Hive Metastore Server (HMS) when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world d