Search for packages
| purl | pkg:maven/org.apache.hive/hive@2.3.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-gcgn-udwx-xqft
Aliases: CVE-2021-34538 GHSA-v3p8-j597-3xg8 |
Apache Hive before 3.1.3 `CREATE` and `DROP` function operations do not check for necessary authorization. Apache Hive before 3.1.3 `CREATE` and `DROP` function operations do not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged users to drop and recreate UDFs pointing them to new jars that could be potentially malicious. |
Affected by 0 other vulnerabilities. |
|
VCID-he9j-yvcw-cuet
Aliases: CVE-2020-1926 GHSA-54g4-5cf6-hjp3 |
Information Exposure Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T02:41:48.899141+00:00 | GitLab Importer | Affected by | VCID-gcgn-udwx-xqft | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hive/hive/CVE-2021-34538.yml | 38.6.0 |
| 2026-06-04T20:46:57.997171+00:00 | GitLab Importer | Affected by | VCID-he9j-yvcw-cuet | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hive/hive/CVE-2020-1926.yml | 38.6.0 |