org.apache.hive:hive-service@1.0.0 vulnerabilities
- latest version: 4.0.0
- latest non vulnerable version:
- first published: 12 years ago
- latest version published: 23 days ago
- licenses detected: [0.8.0,)
- package manager:

Direct Vulnerabilities
Known vulnerabilities in the org.apache.hive:hive-service package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version |
---|---|
org.apache.hive:hive-service is a package for reading, writing, and managing large datasets residing in distributed storage using SQL. Affected versions of this package are vulnerable to Timing Attack. The cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another user's cookie signature. How to fix Timing Attack? Upgrade | [,2.3.8) |
org.apache.hive:hive-service is a package for reading, writing, and managing large datasets residing in distributed storage using SQL. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization of the How to fix Cross-site Scripting (XSS)? Upgrade | [0,4.0.0-alpha-1) |
Affected versions How to fix Access Restriction Bypass? Upgrade | [,1.2.2); [2.0.0,2.0.1) |
org.apache.hive:hive-service is a package for reading, writing, and managing large datasets residing in distributed storage using SQL. Affected versions of this package are vulnerable to Improper Authentication. The LDAP implementation in HiveServer2 mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request. How to fix Improper Authentication? Upgrade | [0.11.0,1.0.1); [1.1.0,1.1.1) |