Maven package

org.apache.hive/hive-jdbc

pkg:maven/org.apache.hive/hive-jdbc

Vulnerabilities (3)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-35701	—	>= 4.0.0-alpha-1, < 4.0.0	4.0.0	May 3, 2024	Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The maliciou
CVE-2018-1314	—	< 2.3.4	2.3.4	Nov 8, 2018	In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics.
CVE-2018-1282	—	>= 0.7.1, < 2.3.3	2.3.3	Apr 5, 2018	This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation.

CVE-2023-35701May 3, 2024
affected >= 4.0.0-alpha-1, < 4.0.0fixed 4.0.0
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The maliciou
CVE-2018-1314Nov 8, 2018
affected < 2.3.4fixed 2.3.4
In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics.
CVE-2018-1282Apr 5, 2018
affected >= 0.7.1, < 2.3.3fixed 2.3.3
This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation.