org.apache.hive:hive-exec (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.hive:hive-exec, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (10)
CVE-2015-7521 — CVSS 8.3 (high): The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and…
CVE-2022-41137 — CVSS 8.3 (high): Apache Hive Metastore (HMS) uses SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions…
CVE-2018-11777 — CVSS 8.1 (high): In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if…
CVE-2016-3083 — CVSS 7.5 (high): Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the…
CVE-2015-1772 — CVSS 7.3 (high): The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0…
CVE-2024-29869 — CVSS 5.5 (medium): Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are…
CVE-2017-12625 — CVSS 4.3 (medium): Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be…
CVE-2018-1284 — CVSS 3.7 (low): In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_flo…
CVE-2018-1315 — CVSS 3.7 (low): In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server…
CVE-2014-0228 — CVSS 3.5 (low): Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and…