org.apache.hive:hive-service@4.0.0-alpha-2 vulnerabilities

  • latest version

    4.0.1

  • latest non vulnerable version

  • first published

    13 years ago

  • latest version published

    3 months ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the org.apache.hive:hive-service package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Information Exposure

    org.apache.hive:hive-service is a package for reading, writing, and managing large datasets residing in distributed storage using SQL.

    Affected versions of this package are vulnerable to Information Exposure via the verifyAndExtract function of the CookieSigner component. The vulnerability derives due to the exposure of the signed cookie to the end user when there is a mismatch in signature between the current cookie and the expected cookie.

    How to fix Information Exposure?

    Upgrade org.apache.hive:hive-service to version 4.0.0 or higher.

    [1.2.0,4.0.0)