Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.hive/hive@3.1.1
Typemaven
Namespaceorg.apache.hive
Namehive
Version3.1.1
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-c6s8-kd2p-b3cn
vulnerability_id VCID-c6s8-kd2p-b3cn
summary 
Improper Access Control
In Apache Hive, local resources on HiveServer2 machines are not properly protected against a malicious user if ranger, sentry or sql standard authorizer is not in use.
references
0
reference_url https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb@%3Cdev.hive.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb@%3Cdev.hive.apache.org%3E
1
reference_url http://www.securityfocus.com/bid/105886
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/105886
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11777
reference_id CVE-2018-11777
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-11777
3
reference_url https://github.com/advisories/GHSA-rrfq-g5fq-fc9c
reference_id GHSA-rrfq-g5fq-fc9c
reference_type
scores
url https://github.com/advisories/GHSA-rrfq-g5fq-fc9c
fixed_packages
0
url pkg:maven/org.apache.hive/hive@2.3.4
purl pkg:maven/org.apache.hive/hive@2.3.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@2.3.4
1
url pkg:maven/org.apache.hive/hive@3.1.1
purl pkg:maven/org.apache.hive/hive@3.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@3.1.1
aliases CVE-2018-11777, GHSA-rrfq-g5fq-fc9c
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c6s8-kd2p-b3cn
1
url VCID-kp77-nwjw-rfgy
vulnerability_id VCID-kp77-nwjw-rfgy
summary 
Missing Authorization
The Hive `EXPLAIN` operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do `EXPLAIN` on arbitrary table or view and expose table metadata and statistics.
references
0
reference_url https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727@%3Cdev.hive.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727@%3Cdev.hive.apache.org%3E
1
reference_url http://www.securityfocus.com/bid/105884
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/105884
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1314
reference_id CVE-2018-1314
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1314
3
reference_url https://github.com/advisories/GHSA-jmf4-pq78-f8vj
reference_id GHSA-jmf4-pq78-f8vj
reference_type
scores
url https://github.com/advisories/GHSA-jmf4-pq78-f8vj
fixed_packages
0
url pkg:maven/org.apache.hive/hive@2.3.4
purl pkg:maven/org.apache.hive/hive@2.3.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@2.3.4
1
url pkg:maven/org.apache.hive/hive@3.1.1
purl pkg:maven/org.apache.hive/hive@3.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@3.1.1
aliases CVE-2018-1314, GHSA-jmf4-pq78-f8vj
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kp77-nwjw-rfgy
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@3.1.1