Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.hive/hive-jdbc@0.13.1

Type maven

Namespace org.apache.hive

Name hive-jdbc

Version 0.13.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.0.0

Latest_non_vulnerable_version 4.0.0

Affected_by_vulnerabilities

url VCID-c43w-cb83-yyfv

vulnerability_id VCID-c43w-cb83-yyfv

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-34538

reference_id

reference_type

scores

value	0.00451
scoring_system	epss
scoring_elements	0.63997
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-34538

reference_url

https://github.com/apache/hive

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hive

reference_url

https://lists.apache.org/thread/oqqgnhz4c6nxsfd0xstosnk0g15f7354

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/oqqgnhz4c6nxsfd0xstosnk0g15f7354

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-34538

reference_id

CVE-2021-34538

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-34538

reference_url

https://github.com/advisories/GHSA-v3p8-j597-3xg8

reference_id

GHSA-v3p8-j597-3xg8

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v3p8-j597-3xg8

fixed_packages

url	pkg:maven/org.apache.hive/hive-jdbc@3.1.3
purl	pkg:maven/org.apache.hive/hive-jdbc@3.1.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@3.1.3

aliases CVE-2021-34538, GHSA-v3p8-j597-3xg8

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c43w-cb83-yyfv

url VCID-gqah-8x44-a3c9

vulnerability_id VCID-gqah-8x44-a3c9

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1282

reference_id

reference_type

scores

value	0.00297
scoring_system	epss
scoring_elements	0.53371
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1282

reference_url

https://github.com/apache/hive

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hive

reference_url	https://github.com/apache/hive/commit/0330c1c0b62f3c2e6a4744048578dea55193b62
reference_id
reference_type
scores
url	https://github.com/apache/hive/commit/0330c1c0b62f3c2e6a4744048578dea55193b62

reference_url	https://github.com/apache/hive/commit/63df42966cf44ffdd20d3fcdcfb70738c0432ab
reference_id
reference_type
scores
url	https://github.com/apache/hive/commit/63df42966cf44ffdd20d3fcdcfb70738c0432ab

reference_url

https://lists.apache.org/thread.html/74bd2bff1827febb348dfb323986fa340d3bb97a315ab93c3ccc8299@%3Cdev.hive.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/74bd2bff1827febb348dfb323986fa340d3bb97a315ab93c3ccc8299@%3Cdev.hive.apache.org%3E

reference_url

https://web.archive.org/web/20200227125536/http://www.securityfocus.com/bid/103751

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227125536/http://www.securityfocus.com/bid/103751

reference_url	http://www.securityfocus.com/bid/103751
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103751

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1282

reference_id

CVE-2018-1282

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1282

reference_url

https://github.com/advisories/GHSA-jf2m-435m-mxw8

reference_id

GHSA-jf2m-435m-mxw8

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-jf2m-435m-mxw8

fixed_packages

url pkg:maven/org.apache.hive/hive-jdbc@2.3.3

purl pkg:maven/org.apache.hive/hive-jdbc@2.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-c43w-cb83-yyfv

vulnerability	VCID-jq4c-tghp-s3c8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@2.3.3

aliases CVE-2018-1282, GHSA-jf2m-435m-mxw8

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gqah-8x44-a3c9

url VCID-jq4c-tghp-s3c8

vulnerability_id VCID-jq4c-tghp-s3c8

summary

Missing Authorization
The Hive `EXPLAIN` operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do `EXPLAIN` on arbitrary table or view and expose table metadata and statistics.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1314

reference_id

reference_type

scores

value	0.00374
scoring_system	epss
scoring_elements	0.59365
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1314

reference_url

https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727@%3Cdev.hive.apache.org%3E

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727@%3Cdev.hive.apache.org%3E

reference_url

http://www.securityfocus.com/bid/105884

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/105884

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1314

reference_id

CVE-2018-1314

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1314

reference_url

https://github.com/advisories/GHSA-jmf4-pq78-f8vj

reference_id

GHSA-jmf4-pq78-f8vj

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-jmf4-pq78-f8vj

fixed_packages

url pkg:maven/org.apache.hive/hive-jdbc@2.3.4

purl pkg:maven/org.apache.hive/hive-jdbc@2.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-c43w-cb83-yyfv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@2.3.4

url pkg:maven/org.apache.hive/hive-jdbc@3.1.1

purl pkg:maven/org.apache.hive/hive-jdbc@3.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-c43w-cb83-yyfv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@3.1.1

aliases CVE-2018-1314, GHSA-jmf4-pq78-f8vj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jq4c-tghp-s3c8

url VCID-xf72-ztd4-8kgd

vulnerability_id VCID-xf72-ztd4-8kgd

summary

Improper Certificate Validation
Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive does not seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server `abc.com`, and the server responds with a valid certificate (certified by CA) but issued to `xyz.com`, the client will accept that as a valid certificate and the SSL handshake will go through.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-3083

reference_id

reference_type

scores

value	0.00206
scoring_system	epss
scoring_elements	0.4288
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3083

reference_url

https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192@%3Cdev.hive.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192@%3Cdev.hive.apache.org%3E

reference_url

http://www.securityfocus.com/bid/98669

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/98669

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-3083

reference_id

CVE-2016-3083

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-3083

reference_url

https://github.com/advisories/GHSA-gf2v-9hp6-44qg

reference_id

GHSA-gf2v-9hp6-44qg

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-gf2v-9hp6-44qg

fixed_packages

url pkg:maven/org.apache.hive/hive-jdbc@1.2.2

purl pkg:maven/org.apache.hive/hive-jdbc@1.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-c43w-cb83-yyfv

vulnerability	VCID-gqah-8x44-a3c9

vulnerability	VCID-jq4c-tghp-s3c8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@1.2.2

aliases CVE-2016-3083, GHSA-gf2v-9hp6-44qg

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xf72-ztd4-8kgd

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@0.13.1

Package Instance