Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0eDktNGY1eC04amo4

Low severity vulnerability that affects org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service

Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI.

Permalink: https://github.com/advisories/GHSA-w4x9-4f5x-8jj8
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0eDktNGY1eC04amo4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 5 years ago
Updated: over 1 year ago


Identifiers: GHSA-w4x9-4f5x-8jj8, CVE-2014-0228
References: Blast Radius: 0.0

Affected Packages

maven:org.apache.hive:hive-exec
Dependent packages: 428
Dependent repositories: 3,002
Downloads:
Affected Version Ranges: < 0.13.1
Fixed in: 0.13.1
All affected versions: 0.8.0, 0.8.1, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.0
All unaffected versions: 0.13.1, 0.14.0, 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 3.0.0, 3.1.0, 3.1.1, 3.1.2, 3.1.3
maven:org.apache.hive:hive-service
Dependent packages: 150
Dependent repositories: 962
Downloads:
Affected Version Ranges: < 0.13.1
Fixed in: 0.13.1
All affected versions: 0.8.0, 0.8.1, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.0
All unaffected versions: 0.13.1, 0.14.0, 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 3.0.0, 3.1.0, 3.1.1, 3.1.2, 3.1.3
maven:org.apache.hive:hive
Dependent packages: 2
Dependent repositories: 7
Downloads:
Affected Version Ranges: < 0.13.1
Fixed in: 0.13.1
All affected versions: 0.13.0
All unaffected versions: 0.13.1, 0.14.0, 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 3.0.0, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 4.0.0