Maven package
org.apache.hive/hive-metastore
pkg:maven/org.apache.hive/hive-metastore
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-62728 | — | >= 4.1.0, < 4.2.0 | 4.2.0 | Nov 26, 2025 | SQL injection vulnerability in Hive Metastore Server (HMS) when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world d |
- CVE-2025-62728Nov 26, 2025affected >= 4.1.0, < 4.2.0fixed 4.2.0
SQL injection vulnerability in Hive Metastore Server (HMS) when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world d