VulnerableCode Package Details - pkg:maven/org.apache.hive/hive@0.13.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-12xd-nb8g-23gc Aliases: CVE-2018-11777 GHSA-rrfq-g5fq-fc9c		2.3.4 Affected by 0 other vulnerabilities. 3.1.1 Affected by 0 other vulnerabilities.
VCID-jq4c-tghp-s3c8 Aliases: CVE-2018-1314 GHSA-jmf4-pq78-f8vj	Missing Authorization The Hive `EXPLAIN` operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do `EXPLAIN` on arbitrary table or view and expose table metadata and statistics.	2.3.4 Affected by 0 other vulnerabilities. 3.1.1 Affected by 0 other vulnerabilities.
VCID-w6dq-9zaa-ykhb Aliases: CVE-2018-1284 GHSA-rxmr-c9jm-7mm8		2.3.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-xf72-ztd4-8kgd Aliases: CVE-2016-3083 GHSA-gf2v-9hp6-44qg	Improper Certificate Validation Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive does not seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server `abc.com`, and the server responds with a valid certificate (certified by CA) but issued to `xyz.com`, the client will accept that as a valid certificate and the SSL handshake will go through.	1.2.2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.0.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-12xd-nb8g-23gc
Aliases:
CVE-2018-11777
GHSA-rrfq-g5fq-fc9c

2.3.4
Affected by 0 other vulnerabilities.

3.1.1
Affected by 0 other vulnerabilities.

VCID-jq4c-tghp-s3c8
Aliases:
CVE-2018-1314
GHSA-jmf4-pq78-f8vj

Missing Authorization The Hive `EXPLAIN` operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do `EXPLAIN` on arbitrary table or view and expose table metadata and statistics.

2.3.4
Affected by 0 other vulnerabilities.

3.1.1
Affected by 0 other vulnerabilities.

VCID-w6dq-9zaa-ykhb
Aliases:
CVE-2018-1284
GHSA-rxmr-c9jm-7mm8

2.3.3
Affected by 2 other vulnerabilities.

VCID-xf72-ztd4-8kgd
Aliases:
CVE-2016-3083
GHSA-gf2v-9hp6-44qg

Improper Certificate Validation Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive does not seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server `abc.com`, and the server responds with a valid certificate (certified by CA) but issued to `xyz.com`, the client will accept that as a valid certificate and the SSL handshake will go through.

1.2.2
Affected by 3 other vulnerabilities.

2.0.1
Affected by 3 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-kff1-smtt-7fcc	Improper Access Control Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI.	CVE-2014-0228 GHSA-w4x9-4f5x-8jj8

Vulnerability

Summary

Aliases

VCID-kff1-smtt-7fcc

Improper Access Control Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI.

CVE-2014-0228
GHSA-w4x9-4f5x-8jj8

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T11:17:50.151162+00:00	GithubOSV Importer	Fixing	VCID-kff1-smtt-7fcc	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/11/GHSA-w4x9-4f5x-8jj8/GHSA-w4x9-4f5x-8jj8.json	38.6.0
2026-05-31T09:51:50.204637+00:00	GitLab Importer	Affected by	VCID-12xd-nb8g-23gc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hive/hive/CVE-2018-11777.yml	38.6.0
2026-05-31T09:51:50.064340+00:00	GitLab Importer	Affected by	VCID-jq4c-tghp-s3c8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hive/hive/CVE-2018-1314.yml	38.6.0
2026-05-31T09:44:06.894150+00:00	GitLab Importer	Affected by	VCID-w6dq-9zaa-ykhb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hive/hive/CVE-2018-1284.yml	38.6.0
2026-05-31T00:51:09.177130+00:00	GHSA Importer	Fixing	VCID-kff1-smtt-7fcc	https://github.com/advisories/GHSA-w4x9-4f5x-8jj8	38.6.0
2026-05-30T20:54:32.925290+00:00	GitLab Importer	Fixing	VCID-kff1-smtt-7fcc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hive/hive/CVE-2014-0228.yml	38.6.0
2026-05-30T20:52:48.979265+00:00	GitLab Importer	Affected by	VCID-xf72-ztd4-8kgd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hive/hive/CVE-2016-3083.yml	38.6.0