CVE-2018-1284

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1284

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1284.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1284

Aliases

GHSA-rxmr-c9jm-7mm8

Published

2018-04-05T13:29:01Z

Modified

2024-09-02T23:31:18Z

Severity

3.7 (Low) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpathstring/xpathboolean/xpathnumber/xpathdouble/xpathfloat/xpathlong/xpathint/xpathshort) to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually hive) if hive.server2.enable.doAs=false.

References

Affected packages

Git / github.com/apache/hive

Affected ranges

Type: GIT
Repo: https://github.com/apache/hive
Events: Introduced

2f01e0500ce571b197f998a5c0de46e56e066a36

Last affected

857a9fd8ad725a53bd95c1b2d6612f9b1155f44d