CVE-2018-1282
N/A
N/A
Summary
This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache Hive | 0.7.1 to 2.3.2 | affected |
Weaknesses
- SQL Injection
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/103751
- https://lists.apache.org/thread.html/74bd2bff1827febb348dfb323986fa340d3bb97a315ab93c3ccc8299%40%3Cdev.hive.apache.org%3E
References
- http://www.securityfocus.com/bid/103751
- https://lists.apache.org/thread.html/74bd2bff1827febb348dfb323986fa340d3bb97a315ab93c3ccc8299%40%3Cdev.hive.apache.org%3E
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.