Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:apache:sentry:1.6.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "1.6.0"
},
{
"last_affected": "1.6.0"
}
],
"vendor_product": "apache:sentry",
"source": "CPE_STRING"
}
]
}