Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.hive/hive@0.13.0

Type maven

Namespace org.apache.hive

Name hive

Version 0.13.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.3.8

Latest_non_vulnerable_version 3.1.3

Affected_by_vulnerabilities

url VCID-12xd-nb8g-23gc

vulnerability_id VCID-12xd-nb8g-23gc

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11777

reference_id

reference_type

scores

value	0.00249
scoring_system	epss
scoring_elements	0.4836
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11777

reference_url	https://github.com/apache/hive/commit/00c0ee7bc4b8492476b377a6edafcc33411f14b
reference_id
reference_type
scores
url	https://github.com/apache/hive/commit/00c0ee7bc4b8492476b377a6edafcc33411f14b

reference_url	https://github.com/apache/hive/commit/1a1d6ca1bc3ae840238dc345fa1eb2c7c28c8cb
reference_id
reference_type
scores
url	https://github.com/apache/hive/commit/1a1d6ca1bc3ae840238dc345fa1eb2c7c28c8cb

reference_url	https://github.com/apache/hive/commit/f0419dfaabe31dd7802c37aeebab101265907e1
reference_id
reference_type
scores
url	https://github.com/apache/hive/commit/f0419dfaabe31dd7802c37aeebab101265907e1

reference_url

https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb@%3Cdev.hive.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb@%3Cdev.hive.apache.org%3E

reference_url

http://www.securityfocus.com/bid/105886

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/105886

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11777

reference_id

CVE-2018-11777

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11777

reference_url

https://github.com/advisories/GHSA-rrfq-g5fq-fc9c

reference_id

GHSA-rrfq-g5fq-fc9c

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-rrfq-g5fq-fc9c

fixed_packages

url pkg:maven/org.apache.hive/hive@2.3.4

purl pkg:maven/org.apache.hive/hive@2.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rs3p-yb2z-3bfd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@2.3.4

url	pkg:maven/org.apache.hive/hive@3.1.1
purl	pkg:maven/org.apache.hive/hive@3.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@3.1.1

aliases CVE-2018-11777, GHSA-rrfq-g5fq-fc9c

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-12xd-nb8g-23gc

url VCID-jq4c-tghp-s3c8

vulnerability_id VCID-jq4c-tghp-s3c8

summary

Missing Authorization
The Hive `EXPLAIN` operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do `EXPLAIN` on arbitrary table or view and expose table metadata and statistics.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1314

reference_id

reference_type

scores

value	0.00374
scoring_system	epss
scoring_elements	0.59365
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1314

reference_url

https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727@%3Cdev.hive.apache.org%3E

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727@%3Cdev.hive.apache.org%3E

reference_url

http://www.securityfocus.com/bid/105884

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/105884

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1314

reference_id

CVE-2018-1314

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1314

reference_url

https://github.com/advisories/GHSA-jmf4-pq78-f8vj

reference_id

GHSA-jmf4-pq78-f8vj

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-jmf4-pq78-f8vj

fixed_packages

url pkg:maven/org.apache.hive/hive@2.3.4

purl pkg:maven/org.apache.hive/hive@2.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rs3p-yb2z-3bfd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@2.3.4

url	pkg:maven/org.apache.hive/hive@3.1.1
purl	pkg:maven/org.apache.hive/hive@3.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@3.1.1

aliases CVE-2018-1314, GHSA-jmf4-pq78-f8vj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jq4c-tghp-s3c8

url VCID-kff1-smtt-7fcc

vulnerability_id VCID-kff1-smtt-7fcc

summary

Improper Access Control
Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI.

references

reference_url

http://mail-archives.apache.org/mod_mbox/hive-user/201406.mbox/%3CCABgNGzeN7E+9d=YV5yvnKA7wmSx1op_avtUjPcPtDaR6DLJM6g@mail.gmail.com%3E

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://mail-archives.apache.org/mod_mbox/hive-user/201406.mbox/%3CCABgNGzeN7E+9d=YV5yvnKA7wmSx1op_avtUjPcPtDaR6DLJM6g@mail.gmail.com%3E

reference_url

http://packetstormsecurity.com/files/127091/Apache-Hive-0.13.0-Authorization-Failure.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/127091/Apache-Hive-0.13.0-Authorization-Failure.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0228

reference_id

reference_type

scores

value	0.00322
scoring_system	epss
scoring_elements	0.555
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0228

reference_url

http://www.securityfocus.com/archive/1/532418/100/0/threaded

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/archive/1/532418/100/0/threaded

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-0228

reference_id

CVE-2014-0228

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0228

reference_url

https://github.com/advisories/GHSA-w4x9-4f5x-8jj8

reference_id

GHSA-w4x9-4f5x-8jj8

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-w4x9-4f5x-8jj8

fixed_packages

url pkg:maven/org.apache.hive/hive@0.13.1

purl pkg:maven/org.apache.hive/hive@0.13.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-12xd-nb8g-23gc

vulnerability	VCID-jq4c-tghp-s3c8

vulnerability	VCID-rs3p-yb2z-3bfd

vulnerability	VCID-w6dq-9zaa-ykhb

vulnerability	VCID-xf72-ztd4-8kgd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@0.13.1

aliases CVE-2014-0228, GHSA-w4x9-4f5x-8jj8

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kff1-smtt-7fcc

url VCID-rs3p-yb2z-3bfd

vulnerability_id VCID-rs3p-yb2z-3bfd

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1926

reference_id

reference_type

scores

value	0.00478
scoring_system	epss
scoring_elements	0.65311
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1926

reference_url

https://issues.apache.org/jira/browse/HIVE-22708

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/HIVE-22708

reference_url

https://lists.apache.org/thread.html/rd186eedff68102ba1e68059a808101c5aa587e11542c7dcd26e7b9d7%40%3Cuser.hive.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd186eedff68102ba1e68059a808101c5aa587e11542c7dcd26e7b9d7%40%3Cuser.hive.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1926

reference_id

CVE-2020-1926

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1926

reference_url

https://github.com/advisories/GHSA-54g4-5cf6-hjp3

reference_id

GHSA-54g4-5cf6-hjp3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-54g4-5cf6-hjp3

fixed_packages

url	pkg:maven/org.apache.hive/hive@2.3.8
purl	pkg:maven/org.apache.hive/hive@2.3.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@2.3.8

aliases CVE-2020-1926, GHSA-54g4-5cf6-hjp3

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rs3p-yb2z-3bfd

url VCID-w6dq-9zaa-ykhb

vulnerability_id VCID-w6dq-9zaa-ykhb

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1284

reference_id

reference_type

scores

value	0.00469
scoring_system	epss
scoring_elements	0.64841
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1284

reference_url	https://github.com/apache/hive/commit/b0a58d245875dc1b3ac58a7cf1a61d3b17805e96
reference_id
reference_type
scores
url	https://github.com/apache/hive/commit/b0a58d245875dc1b3ac58a7cf1a61d3b17805e96

reference_url

https://github.com/apache/hive/commit/f80a38ae1174553022deae4f8774918401d9756d

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hive/commit/f80a38ae1174553022deae4f8774918401d9756d

reference_url

https://issues.apache.org/jira/browse/HIVE-18879

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/HIVE-18879

reference_url

https://lists.apache.org/thread.html/29184dbce4a37be2af36e539ecb479b1d27868f73ccfdff46c7174b4@%3Cdev.hive.apache.org%3E

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/29184dbce4a37be2af36e539ecb479b1d27868f73ccfdff46c7174b4@%3Cdev.hive.apache.org%3E

reference_url

http://www.securityfocus.com/bid/103750

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/103750

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1284

reference_id

CVE-2018-1284

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1284

reference_url

https://github.com/advisories/GHSA-rxmr-c9jm-7mm8

reference_id

GHSA-rxmr-c9jm-7mm8

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-rxmr-c9jm-7mm8

fixed_packages

url pkg:maven/org.apache.hive/hive@2.3.3

purl pkg:maven/org.apache.hive/hive@2.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-12xd-nb8g-23gc

vulnerability	VCID-jq4c-tghp-s3c8

vulnerability	VCID-rs3p-yb2z-3bfd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@2.3.3

aliases CVE-2018-1284, GHSA-rxmr-c9jm-7mm8

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w6dq-9zaa-ykhb

url VCID-xf72-ztd4-8kgd

vulnerability_id VCID-xf72-ztd4-8kgd

summary

Improper Certificate Validation
Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive does not seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server `abc.com`, and the server responds with a valid certificate (certified by CA) but issued to `xyz.com`, the client will accept that as a valid certificate and the SSL handshake will go through.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-3083

reference_id

reference_type

scores

value	0.00206
scoring_system	epss
scoring_elements	0.4288
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3083

reference_url

https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192@%3Cdev.hive.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192@%3Cdev.hive.apache.org%3E

reference_url

http://www.securityfocus.com/bid/98669

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/98669

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-3083

reference_id

CVE-2016-3083

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-3083

reference_url

https://github.com/advisories/GHSA-gf2v-9hp6-44qg

reference_id

GHSA-gf2v-9hp6-44qg

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-gf2v-9hp6-44qg

fixed_packages

url pkg:maven/org.apache.hive/hive@1.2.2

purl pkg:maven/org.apache.hive/hive@1.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-12xd-nb8g-23gc

vulnerability	VCID-jq4c-tghp-s3c8

vulnerability	VCID-rs3p-yb2z-3bfd

vulnerability	VCID-w6dq-9zaa-ykhb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.2.2

url pkg:maven/org.apache.hive/hive@2.0.1

purl pkg:maven/org.apache.hive/hive@2.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-12xd-nb8g-23gc

vulnerability	VCID-jq4c-tghp-s3c8

vulnerability	VCID-rs3p-yb2z-3bfd

vulnerability	VCID-w6dq-9zaa-ykhb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@2.0.1

aliases CVE-2016-3083, GHSA-gf2v-9hp6-44qg

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xf72-ztd4-8kgd

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@0.13.0

Package Instance