Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.hive/hive-jdbc@0.13.1

Type maven

Namespace org.apache.hive

Name hive-jdbc

Version 0.13.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.3.4

Latest_non_vulnerable_version 4.0.0

Affected_by_vulnerabilities

url VCID-bsvr-e8ga-jugx

vulnerability_id VCID-bsvr-e8ga-jugx

summary

SQL Injection
This vulnerability in Apache Hive JDBC allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in `PreparedStatement` implementation.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1282.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1282.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1282

reference_id

reference_type

scores

value	0.00297
scoring_system	epss
scoring_elements	0.53396
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1282

reference_url

https://github.com/advisories/GHSA-jf2m-435m-mxw8

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-jf2m-435m-mxw8

reference_url

https://github.com/apache/hive

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hive

reference_url	https://github.com/apache/hive/commit/0330c1c0b62f3c2e6a4744048578dea55193b62
reference_id
reference_type
scores
url	https://github.com/apache/hive/commit/0330c1c0b62f3c2e6a4744048578dea55193b62

reference_url	https://github.com/apache/hive/commit/63df42966cf44ffdd20d3fcdcfb70738c0432ab
reference_id
reference_type
scores
url	https://github.com/apache/hive/commit/63df42966cf44ffdd20d3fcdcfb70738c0432ab

reference_url

https://lists.apache.org/thread.html/74bd2bff1827febb348dfb323986fa340d3bb97a315ab93c3ccc8299@%3Cdev.hive.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/74bd2bff1827febb348dfb323986fa340d3bb97a315ab93c3ccc8299@%3Cdev.hive.apache.org%3E

reference_url

https://web.archive.org/web/20200227125536/http://www.securityfocus.com/bid/103751

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227125536/http://www.securityfocus.com/bid/103751

reference_url	http://www.securityfocus.com/bid/103751
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103751

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1564361
reference_id	1564361
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1564361

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1282

reference_id

CVE-2018-1282

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1282

fixed_packages

url pkg:maven/org.apache.hive/hive-jdbc@2.3.3

purl pkg:maven/org.apache.hive/hive-jdbc@2.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kp77-nwjw-rfgy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@2.3.3

aliases CVE-2018-1282, GHSA-jf2m-435m-mxw8

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bsvr-e8ga-jugx

url VCID-kp77-nwjw-rfgy

vulnerability_id VCID-kp77-nwjw-rfgy

summary

Missing Authorization
The Hive `EXPLAIN` operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do `EXPLAIN` on arbitrary table or view and expose table metadata and statistics.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1314

reference_id

reference_type

scores

value	0.00374
scoring_system	epss
scoring_elements	0.59392
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1314

reference_url

https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727@%3Cdev.hive.apache.org%3E

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727@%3Cdev.hive.apache.org%3E

reference_url

http://www.securityfocus.com/bid/105884

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/105884

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1314

reference_id

CVE-2018-1314

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1314

reference_url

https://github.com/advisories/GHSA-jmf4-pq78-f8vj

reference_id

GHSA-jmf4-pq78-f8vj

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-jmf4-pq78-f8vj

fixed_packages

url	pkg:maven/org.apache.hive/hive-jdbc@2.3.4
purl	pkg:maven/org.apache.hive/hive-jdbc@2.3.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@2.3.4

url	pkg:maven/org.apache.hive/hive-jdbc@3.1.1
purl	pkg:maven/org.apache.hive/hive-jdbc@3.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@3.1.1

aliases CVE-2018-1314, GHSA-jmf4-pq78-f8vj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kp77-nwjw-rfgy

url VCID-me8z-qek2-wfgn

vulnerability_id VCID-me8z-qek2-wfgn

summary

Improper Certificate Validation
Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive does not seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server `abc.com`, and the server responds with a valid certificate (certified by CA) but issued to `xyz.com`, the client will accept that as a valid certificate and the SSL handshake will go through.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-3083

reference_id

reference_type

scores

value	0.00206
scoring_system	epss
scoring_elements	0.42874
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3083

reference_url

https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192@%3Cdev.hive.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192@%3Cdev.hive.apache.org%3E

reference_url

http://www.securityfocus.com/bid/98669

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/98669

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-3083

reference_id

CVE-2016-3083

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-3083

reference_url

https://github.com/advisories/GHSA-gf2v-9hp6-44qg

reference_id

GHSA-gf2v-9hp6-44qg

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-gf2v-9hp6-44qg

fixed_packages

url pkg:maven/org.apache.hive/hive-jdbc@1.2.2

purl pkg:maven/org.apache.hive/hive-jdbc@1.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bsvr-e8ga-jugx

vulnerability	VCID-kp77-nwjw-rfgy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@1.2.2

aliases CVE-2016-3083, GHSA-gf2v-9hp6-44qg

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-me8z-qek2-wfgn

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@0.13.1

Package Instance