Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJnOXEtY2hxMi13OHF3

Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service

Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.

Permalink: https://github.com/advisories/GHSA-2g9q-chq2-w8qw
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJnOXEtY2hxMi13OHF3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 5 years ago
Updated: almost 2 years ago


CVSS Score: 4.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Percentage: 0.00045
EPSS Percentile: 0.17509

Identifiers: GHSA-2g9q-chq2-w8qw, CVE-2017-12625
References: Blast Radius: 15.0

Affected Packages

maven:org.apache.hive:hive-service
Dependent packages: 150
Dependent repositories: 962
Downloads:
Affected Version Ranges: = 2.3.0, = 2.2.0, >= 2.1.0, < 2.1.2
Fixed in: 2.3.1, 2.2.1, 2.1.2
All affected versions: 2.1.0, 2.1.1, 2.2.0, 2.3.0
All unaffected versions: 0.8.0, 0.8.1, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.13.1, 0.14.0, 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 2.0.0, 2.0.1, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.3.10, 3.0.0, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 4.0.0, 4.0.1
maven:org.apache.hive:hive-exec
Dependent packages: 428
Dependent repositories: 3,002
Downloads:
Affected Version Ranges: = 2.3.0, = 2.2.0, >= 2.1.0, < 2.1.2
Fixed in: 2.3.1, 2.2.1, 2.1.2
All affected versions: 2.1.0, 2.1.1, 2.2.0, 2.3.0
All unaffected versions: 0.8.0, 0.8.1, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.13.1, 0.14.0, 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 2.0.0, 2.0.1, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.3.10, 3.0.0, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 4.0.0, 4.0.1
maven:org.apache.hive:hive
Dependent packages: 2
Dependent repositories: 7
Downloads:
Affected Version Ranges: = 2.3.0, = 2.2.0, >= 2.1.0, < 2.1.2
Fixed in: 2.3.1, 2.2.1, 2.1.2
All affected versions: 2.1.0, 2.1.1, 2.2.0, 2.3.0
All unaffected versions: 0.13.0, 0.13.1, 0.14.0, 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 2.0.0, 2.0.1, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.3.10, 3.0.0, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 4.0.0, 4.0.1