Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.hive/hive@2.3.8

Type maven

Namespace org.apache.hive

Name hive

Version 2.3.8

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.1.1

Latest_non_vulnerable_version 3.1.3

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-he9j-yvcw-cuet

vulnerability_id VCID-he9j-yvcw-cuet

summary

Information Exposure
Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1926

reference_id

reference_type

scores

value	0.00478
scoring_system	epss
scoring_elements	0.65352
published_at	2026-06-04T12:55:00Z

value	0.00478
scoring_system	epss
scoring_elements	0.65404
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1926

reference_url

https://issues.apache.org/jira/browse/HIVE-22708

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/HIVE-22708

reference_url

https://lists.apache.org/thread.html/rd186eedff68102ba1e68059a808101c5aa587e11542c7dcd26e7b9d7%40%3Cuser.hive.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd186eedff68102ba1e68059a808101c5aa587e11542c7dcd26e7b9d7%40%3Cuser.hive.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1926

reference_id

CVE-2020-1926

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1926

reference_url

https://github.com/advisories/GHSA-54g4-5cf6-hjp3

reference_id

GHSA-54g4-5cf6-hjp3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-54g4-5cf6-hjp3

fixed_packages

url	pkg:maven/org.apache.hive/hive@2.3.8
purl	pkg:maven/org.apache.hive/hive@2.3.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@2.3.8

aliases CVE-2020-1926, GHSA-54g4-5cf6-hjp3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-he9j-yvcw-cuet

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@2.3.8

Package Instance