Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.hive/hive@1.1.0
Typemaven
Namespaceorg.apache.hive
Namehive
Version1.1.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.1.2
Latest_non_vulnerable_version3.1.3
Affected_by_vulnerabilities
0
url VCID-6ppt-m2fe-1uge
vulnerability_id VCID-6ppt-m2fe-1uge
summary 
Improper Authentication
The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request.
references
0
reference_url http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCAOpgucy52yzNN1FaRcxwhZmx8ZtNRjmK6V0Bxk4svAD-R1q70Q@mail.gmail.com%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCAOpgucy52yzNN1FaRcxwhZmx8ZtNRjmK6V0Bxk4svAD-R1q70Q@mail.gmail.com%3E
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1772.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1772.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-1772
reference_id
reference_type
scores
0
value 0.00163
scoring_system epss
scoring_elements 0.36975
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-1772
3
reference_url https://github.com/apache/hive/commit/6929846a8120eaf094b914b4ca8af80b65f891c8
reference_id
reference_type
scores
url https://github.com/apache/hive/commit/6929846a8120eaf094b914b4ca8af80b65f891c8
4
reference_url https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
5
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21969546
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21969546
6
reference_url http://www.securitytracker.com/id/1034365
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1034365
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1293837
reference_id 1293837
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1293837
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-1772
reference_id CVE-2015-1772
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-1772
9
reference_url https://github.com/advisories/GHSA-5gvm-hrw5-h6xf
reference_id GHSA-5gvm-hrw5-h6xf
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-5gvm-hrw5-h6xf
fixed_packages
0
url pkg:maven/org.apache.hive/hive@1.1.1
purl pkg:maven/org.apache.hive/hive@1.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c6s8-kd2p-b3cn
1
vulnerability VCID-cccj-uhyy-hbew
2
vulnerability VCID-e3vr-tx7y-xbg9
3
vulnerability VCID-he9j-yvcw-cuet
4
vulnerability VCID-kp77-nwjw-rfgy
5
vulnerability VCID-me8z-qek2-wfgn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.1.1
aliases CVE-2015-1772, GHSA-5gvm-hrw5-h6xf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ppt-m2fe-1uge
1
url VCID-c6s8-kd2p-b3cn
vulnerability_id VCID-c6s8-kd2p-b3cn
summary 
Improper Access Control
In Apache Hive, local resources on HiveServer2 machines are not properly protected against a malicious user if ranger, sentry or sql standard authorizer is not in use.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11777
reference_id
reference_type
scores
0
value 0.00249
scoring_system epss
scoring_elements 0.48378
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11777
1
reference_url https://github.com/apache/hive/commit/00c0ee7bc4b8492476b377a6edafcc33411f14b
reference_id
reference_type
scores
url https://github.com/apache/hive/commit/00c0ee7bc4b8492476b377a6edafcc33411f14b
2
reference_url https://github.com/apache/hive/commit/1a1d6ca1bc3ae840238dc345fa1eb2c7c28c8cb
reference_id
reference_type
scores
url https://github.com/apache/hive/commit/1a1d6ca1bc3ae840238dc345fa1eb2c7c28c8cb
3
reference_url https://github.com/apache/hive/commit/f0419dfaabe31dd7802c37aeebab101265907e1
reference_id
reference_type
scores
url https://github.com/apache/hive/commit/f0419dfaabe31dd7802c37aeebab101265907e1
4
reference_url https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb@%3Cdev.hive.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb@%3Cdev.hive.apache.org%3E
5
reference_url http://www.securityfocus.com/bid/105886
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105886
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11777
reference_id CVE-2018-11777
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11777
7
reference_url https://github.com/advisories/GHSA-rrfq-g5fq-fc9c
reference_id GHSA-rrfq-g5fq-fc9c
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rrfq-g5fq-fc9c
fixed_packages
0
url pkg:maven/org.apache.hive/hive@2.3.4
purl pkg:maven/org.apache.hive/hive@2.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-he9j-yvcw-cuet
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@2.3.4
1
url pkg:maven/org.apache.hive/hive@3.1.1
purl pkg:maven/org.apache.hive/hive@3.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@3.1.1
aliases CVE-2018-11777, GHSA-rrfq-g5fq-fc9c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c6s8-kd2p-b3cn
2
url VCID-cccj-uhyy-hbew
vulnerability_id VCID-cccj-uhyy-hbew
summary 
Information Exposure
In Apache Hiveto, malicious user might use any xpath UDFs to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually hive) if `hive.serverenable.doAs=false`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1284.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1284.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1284
reference_id
reference_type
scores
0
value 0.00469
scoring_system epss
scoring_elements 0.64878
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1284
2
reference_url https://github.com/apache/hive/commit/b0a58d245875dc1b3ac58a7cf1a61d3b17805e96
reference_id
reference_type
scores
url https://github.com/apache/hive/commit/b0a58d245875dc1b3ac58a7cf1a61d3b17805e96
3
reference_url https://github.com/apache/hive/commit/f80a38ae1174553022deae4f8774918401d9756d
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/hive/commit/f80a38ae1174553022deae4f8774918401d9756d
4
reference_url https://issues.apache.org/jira/browse/HIVE-18879
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/HIVE-18879
5
reference_url https://lists.apache.org/thread.html/29184dbce4a37be2af36e539ecb479b1d27868f73ccfdff46c7174b4@%3Cdev.hive.apache.org%3E
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29184dbce4a37be2af36e539ecb479b1d27868f73ccfdff46c7174b4@%3Cdev.hive.apache.org%3E
6
reference_url http://www.securityfocus.com/bid/103750
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/103750
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1564357
reference_id 1564357
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1564357
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1284
reference_id CVE-2018-1284
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1284
9
reference_url https://github.com/advisories/GHSA-rxmr-c9jm-7mm8
reference_id GHSA-rxmr-c9jm-7mm8
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rxmr-c9jm-7mm8
fixed_packages
0
url pkg:maven/org.apache.hive/hive@2.3.3
purl pkg:maven/org.apache.hive/hive@2.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c6s8-kd2p-b3cn
1
vulnerability VCID-he9j-yvcw-cuet
2
vulnerability VCID-kp77-nwjw-rfgy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@2.3.3
aliases CVE-2018-1284, GHSA-rxmr-c9jm-7mm8
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cccj-uhyy-hbew
3
url VCID-e3vr-tx7y-xbg9
vulnerability_id VCID-e3vr-tx7y-xbg9
summary 
Improper Authentication
The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.
references
0
reference_url http://mail-archives.apache.org/mod_mbox/hive-user/201601.mbox/%3C20160128205008.2154F185EB%40minotaur.apache.org%3E
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://mail-archives.apache.org/mod_mbox/hive-user/201601.mbox/%3C20160128205008.2154F185EB%40minotaur.apache.org%3E
1
reference_url http://packetstormsecurity.com/files/135836/Apache-Hive-Authorization-Bypass.html
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/135836/Apache-Hive-Authorization-Bypass.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7521
reference_id
reference_type
scores
0
value 0.00404
scoring_system epss
scoring_elements 0.61275
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7521
3
reference_url https://github.com/apache/hive/commit/98f933f269e6b528ef84912b3d701ca3272ec04b
reference_id
reference_type
scores
url https://github.com/apache/hive/commit/98f933f269e6b528ef84912b3d701ca3272ec04b
4
reference_url http://www.openwall.com/lists/oss-security/2016/01/28/12
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/01/28/12
5
reference_url http://www.securityfocus.com/archive/1/537549/100/0/threaded
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/537549/100/0/threaded
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7521
reference_id CVE-2015-7521
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7521
7
reference_url https://github.com/advisories/GHSA-83r3-c79w-f6wc
reference_id GHSA-83r3-c79w-f6wc
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-83r3-c79w-f6wc
fixed_packages
0
url pkg:maven/org.apache.hive/hive@1.2.2
purl pkg:maven/org.apache.hive/hive@1.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c6s8-kd2p-b3cn
1
vulnerability VCID-cccj-uhyy-hbew
2
vulnerability VCID-he9j-yvcw-cuet
3
vulnerability VCID-kp77-nwjw-rfgy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.2.2
aliases CVE-2015-7521, GHSA-83r3-c79w-f6wc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3vr-tx7y-xbg9
4
url VCID-he9j-yvcw-cuet
vulnerability_id VCID-he9j-yvcw-cuet
summary 
Information Exposure
Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1926
reference_id
reference_type
scores
0
value 0.00478
scoring_system epss
scoring_elements 0.65352
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1926
1
reference_url https://issues.apache.org/jira/browse/HIVE-22708
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/HIVE-22708
2
reference_url https://lists.apache.org/thread.html/rd186eedff68102ba1e68059a808101c5aa587e11542c7dcd26e7b9d7%40%3Cuser.hive.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd186eedff68102ba1e68059a808101c5aa587e11542c7dcd26e7b9d7%40%3Cuser.hive.apache.org%3E
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1926
reference_id CVE-2020-1926
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1926
fixed_packages
0
url pkg:maven/org.apache.hive/hive@2.3.8
purl pkg:maven/org.apache.hive/hive@2.3.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@2.3.8
aliases CVE-2020-1926, GHSA-54g4-5cf6-hjp3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-he9j-yvcw-cuet
5
url VCID-kp77-nwjw-rfgy
vulnerability_id VCID-kp77-nwjw-rfgy
summary 
Missing Authorization
The Hive `EXPLAIN` operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do `EXPLAIN` on arbitrary table or view and expose table metadata and statistics.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1314
reference_id
reference_type
scores
0
value 0.00374
scoring_system epss
scoring_elements 0.59392
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1314
1
reference_url https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727@%3Cdev.hive.apache.org%3E
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727@%3Cdev.hive.apache.org%3E
2
reference_url http://www.securityfocus.com/bid/105884
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105884
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1314
reference_id CVE-2018-1314
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1314
4
reference_url https://github.com/advisories/GHSA-jmf4-pq78-f8vj
reference_id GHSA-jmf4-pq78-f8vj
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-jmf4-pq78-f8vj
fixed_packages
0
url pkg:maven/org.apache.hive/hive@2.3.4
purl pkg:maven/org.apache.hive/hive@2.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-he9j-yvcw-cuet
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@2.3.4
1
url pkg:maven/org.apache.hive/hive@3.1.1
purl pkg:maven/org.apache.hive/hive@3.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@3.1.1
aliases CVE-2018-1314, GHSA-jmf4-pq78-f8vj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kp77-nwjw-rfgy
6
url VCID-me8z-qek2-wfgn
vulnerability_id VCID-me8z-qek2-wfgn
summary 
Improper Certificate Validation
Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive does not seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server `abc.com`, and the server responds with a valid certificate (certified by CA) but issued to `xyz.com`, the client will accept that as a valid certificate and the SSL handshake will go through.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-3083
reference_id
reference_type
scores
0
value 0.00206
scoring_system epss
scoring_elements 0.42874
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-3083
1
reference_url https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192@%3Cdev.hive.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192@%3Cdev.hive.apache.org%3E
2
reference_url http://www.securityfocus.com/bid/98669
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/98669
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3083
reference_id CVE-2016-3083
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-3083
4
reference_url https://github.com/advisories/GHSA-gf2v-9hp6-44qg
reference_id GHSA-gf2v-9hp6-44qg
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-gf2v-9hp6-44qg
fixed_packages
0
url pkg:maven/org.apache.hive/hive@1.2.2
purl pkg:maven/org.apache.hive/hive@1.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c6s8-kd2p-b3cn
1
vulnerability VCID-cccj-uhyy-hbew
2
vulnerability VCID-he9j-yvcw-cuet
3
vulnerability VCID-kp77-nwjw-rfgy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.2.2
1
url pkg:maven/org.apache.hive/hive@2.0.1
purl pkg:maven/org.apache.hive/hive@2.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c6s8-kd2p-b3cn
1
vulnerability VCID-cccj-uhyy-hbew
2
vulnerability VCID-he9j-yvcw-cuet
3
vulnerability VCID-kp77-nwjw-rfgy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@2.0.1
aliases CVE-2016-3083, GHSA-gf2v-9hp6-44qg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-me8z-qek2-wfgn
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.1.0