org.apache.hive:hive-jdbc

Maven3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.apache.hive:hive-jdbcpage 1 of 1

CVE-2018-1282CRITICALCVSS 9.1EG 9.1✓ Fixed in 2.3.3
2018-04-05
vulnerable: 0.10.0 ... 2.3.2 (24 versions)
This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation.
CVE-2018-1314MEDIUMCVSS 4.3EG 4.3✓ Fixed in 3.1.1
2018-11-08
vulnerable: 3.0.0, 3.1.0
In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and st…
CVE-2023-35701MEDIUMCVSS 6.6EG 6.6✓ Fixed in 4.0.0
2024-05-03
vulnerable: 4.0.0-alpha-1, 4.0.0-alpha-2, 4.0.0-beta-1
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC…

Check whether org.apache.hive:hive-jdbc is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.hive:hive-jdbc CVEs against the assets you own.

Start Free Scan →