Homepage
About Snyk

org.apache.sentry:sentry-binding-hive@2.0.0 vulnerabilities

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.apache.sentry:sentry-binding-hive package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Arbitrary Code Execution

org.apache.sentry:sentry-binding-hive is a highly modular system for providing fine grained role based authorization to both data and metadata stored on an Apache Hadoop cluster.

Affected versions of this package are vulnerable to Arbitrary Code Execution. An authenticated user could execute ALTER TABLE EXCHANGE PARTITIONS. They could access to the partitioned data of a Sentry protected table and remove data from a Sentry protected table.

How to fix Arbitrary Code Execution?

Upgrade org.apache.sentry:sentry-binding-hive to version 2.0.1 or higher.

[,2.0.1)
Go back to all versions of this package