VulnerableCode Package Details - pkg:maven/org.apache.hive/hive-jdbc@2.3.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-bsvr-e8ga-jugx Aliases: CVE-2018-1282 GHSA-jf2m-435m-mxw8	SQL Injection This vulnerability in Apache Hive JDBC allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in `PreparedStatement` implementation.	2.3.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-kp77-nwjw-rfgy Aliases: CVE-2018-1314 GHSA-jmf4-pq78-f8vj	Missing Authorization The Hive `EXPLAIN` operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do `EXPLAIN` on arbitrary table or view and expose table metadata and statistics.	2.3.4 Affected by 0 other vulnerabilities. 3.1.1 Affected by 0 other vulnerabilities.
VCID-z8jz-kv82-c3gk Aliases: CVE-2017-12625 GHSA-2g9q-chq2-w8qw	Information Exposure Apache Hive expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.	2.3.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-bsvr-e8ga-jugx
Aliases:
CVE-2018-1282
GHSA-jf2m-435m-mxw8

SQL Injection This vulnerability in Apache Hive JDBC allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in `PreparedStatement` implementation.

2.3.3
Affected by 1 other vulnerability.

VCID-kp77-nwjw-rfgy
Aliases:
CVE-2018-1314
GHSA-jmf4-pq78-f8vj

Missing Authorization The Hive `EXPLAIN` operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do `EXPLAIN` on arbitrary table or view and expose table metadata and statistics.

2.3.4
Affected by 0 other vulnerabilities.

3.1.1
Affected by 0 other vulnerabilities.

VCID-z8jz-kv82-c3gk
Aliases:
CVE-2017-12625
GHSA-2g9q-chq2-w8qw

Information Exposure Apache Hive expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.

2.3.1
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T20:17:06.348434+00:00	GitLab Importer	Affected by	VCID-kp77-nwjw-rfgy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hive/hive-jdbc/CVE-2018-1314.yml	38.6.0
2026-06-04T20:11:46.938488+00:00	GitLab Importer	Affected by	VCID-bsvr-e8ga-jugx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hive/hive-jdbc/CVE-2018-1282.yml	38.6.0
2026-06-04T18:24:01.477992+00:00	GHSA Importer	Affected by	VCID-bsvr-e8ga-jugx	https://github.com/advisories/GHSA-jf2m-435m-mxw8	38.6.0
2026-06-02T04:37:18.946504+00:00	GitLab Importer	Affected by	VCID-z8jz-kv82-c3gk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hive/hive-jdbc/CVE-2017-12625.yml	38.6.0