Homepage

org.apache.hive:hive-service@2.3.10 vulnerabilities

  • latest version

    4.0.1

  • latest non vulnerable version

    4.0.1

  • first published

    13 years ago

  • latest version published

    3 months ago

  • licenses detected

  • package manager

    View on Maven Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the org.apache.hive:hive-service package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Information Exposure

    org.apache.hive:hive-service is a package for reading, writing, and managing large datasets residing in distributed storage using SQL.

    Affected versions of this package are vulnerable to Information Exposure via the verifyAndExtract function of the CookieSigner component. The vulnerability derives due to the exposure of the signed cookie to the end user when there is a mismatch in signature between the current cookie and the expected cookie.

    How to fix Information Exposure?

    Upgrade org.apache.hive:hive-service to version 4.0.0 or higher.

    [1.2.0,4.0.0)
    • M
    Cross-site Scripting (XSS)

    org.apache.hive:hive-service is a package for reading, writing, and managing large datasets residing in distributed storage using SQL.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization of the loggerName parameter. An attacker could input malicious scripts through the affected parameter.

    How to fix Cross-site Scripting (XSS)?

    Upgrade org.apache.hive:hive-service to version 4.0.0-alpha-1 or higher.

    [0,4.0.0-alpha-1)
    Go back to all versions of this package