Количество 2
Количество 2
CVE-2021-34538
Apache Hive before 3.1.3 "CREATE" and "DROP" function operations does not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged users to drop and recreate UDFs pointing them to new jars that could be potentially malicious.
GHSA-v3p8-j597-3xg8
Apache Hive before 3.1.3 `CREATE` and `DROP` function operations do not check for necessary authorization.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-34538 Apache Hive before 3.1.3 "CREATE" and "DROP" function operations does not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged users to drop and recreate UDFs pointing them to new jars that could be potentially malicious. | CVSS3: 7.5 | 0% Низкий | больше 3 лет назад |
| GHSA-v3p8-j597-3xg8 Apache Hive before 3.1.3 `CREATE` and `DROP` function operations do not check for necessary authorization. | CVSS3: 7.5 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу