GHSA-2g9q-chq2-w8qw

Source
https://github.com/advisories/GHSA-2g9q-chq2-w8qw
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/03/GHSA-2g9q-chq2-w8qw/GHSA-2g9q-chq2-w8qw.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-2g9q-chq2-w8qw
Aliases
Published
2019-03-14T15:40:16Z
Modified
2023-11-08T03:58:53.610587Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
Details

Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.

Database specific
{
    "nvd_published_at": null,
    "github_reviewed_at": "2020-06-16T20:51:58Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-200"
    ]
}
References

Affected packages

Maven / org.apache.hive:hive

Package

Name
org.apache.hive:hive
Purl
pkg:maven/org.apache.hive/hive

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1.0
Fixed
2.1.2

Affected versions

2.*

2.1.0
2.1.1

Maven / org.apache.hive:hive

Package

Name
org.apache.hive:hive
Purl
pkg:maven/org.apache.hive/hive

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.2.0
Fixed
2.2.1

Affected versions

2.*

2.2.0

Maven / org.apache.hive:hive

Package

Name
org.apache.hive:hive
Purl
pkg:maven/org.apache.hive/hive

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.3.0
Fixed
2.3.1

Affected versions

2.*

2.3.0

Maven / org.apache.hive:hive-exec

Package

Name
org.apache.hive:hive-exec
Purl
pkg:maven/org.apache.hive/hive-exec

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1.0
Fixed
2.1.2

Affected versions

2.*

2.1.0
2.1.1

Maven / org.apache.hive:hive-exec

Package

Name
org.apache.hive:hive-exec
Purl
pkg:maven/org.apache.hive/hive-exec

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.2.0
Fixed
2.2.1

Affected versions

2.*

2.2.0

Maven / org.apache.hive:hive-exec

Package

Name
org.apache.hive:hive-exec
Purl
pkg:maven/org.apache.hive/hive-exec

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.3.0
Fixed
2.3.1

Affected versions

2.*

2.3.0

Maven / org.apache.hive:hive-service

Package

Name
org.apache.hive:hive-service
Purl
pkg:maven/org.apache.hive/hive-service

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1.0
Fixed
2.1.2

Affected versions

2.*

2.1.0
2.1.1

Maven / org.apache.hive:hive-service

Package

Name
org.apache.hive:hive-service
Purl
pkg:maven/org.apache.hive/hive-service

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.2.0
Fixed
2.2.1

Affected versions

2.*

2.2.0

Maven / org.apache.hive:hive-service

Package

Name
org.apache.hive:hive-service
Purl
pkg:maven/org.apache.hive/hive-service

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.3.0
Fixed
2.3.1

Affected versions

2.*

2.3.0