Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.hive/hive@0.14.0
Typemaven
Namespaceorg.apache.hive
Namehive
Version0.14.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.3.4
Latest_non_vulnerable_version3.1.3
Affected_by_vulnerabilities
0
url VCID-12xd-nb8g-23gc
vulnerability_id VCID-12xd-nb8g-23gc
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11777
reference_id
reference_type
scores
0
value 0.00249
scoring_system epss
scoring_elements 0.4836
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11777
1
reference_url https://github.com/apache/hive/commit/00c0ee7bc4b8492476b377a6edafcc33411f14b
reference_id
reference_type
scores
url https://github.com/apache/hive/commit/00c0ee7bc4b8492476b377a6edafcc33411f14b
2
reference_url https://github.com/apache/hive/commit/1a1d6ca1bc3ae840238dc345fa1eb2c7c28c8cb
reference_id
reference_type
scores
url https://github.com/apache/hive/commit/1a1d6ca1bc3ae840238dc345fa1eb2c7c28c8cb
3
reference_url https://github.com/apache/hive/commit/f0419dfaabe31dd7802c37aeebab101265907e1
reference_id
reference_type
scores
url https://github.com/apache/hive/commit/f0419dfaabe31dd7802c37aeebab101265907e1
4
reference_url https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb@%3Cdev.hive.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb@%3Cdev.hive.apache.org%3E
5
reference_url http://www.securityfocus.com/bid/105886
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105886
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11777
reference_id CVE-2018-11777
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11777
7
reference_url https://github.com/advisories/GHSA-rrfq-g5fq-fc9c
reference_id GHSA-rrfq-g5fq-fc9c
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rrfq-g5fq-fc9c
fixed_packages
0
url pkg:maven/org.apache.hive/hive@2.3.4
purl pkg:maven/org.apache.hive/hive@2.3.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@2.3.4
1
url pkg:maven/org.apache.hive/hive@3.1.1
purl pkg:maven/org.apache.hive/hive@3.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@3.1.1
aliases CVE-2018-11777, GHSA-rrfq-g5fq-fc9c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-12xd-nb8g-23gc
1
url VCID-jq4c-tghp-s3c8
vulnerability_id VCID-jq4c-tghp-s3c8
summary 
Missing Authorization
The Hive `EXPLAIN` operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do `EXPLAIN` on arbitrary table or view and expose table metadata and statistics.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1314
reference_id
reference_type
scores
0
value 0.00374
scoring_system epss
scoring_elements 0.59365
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1314
1
reference_url https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727@%3Cdev.hive.apache.org%3E
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727@%3Cdev.hive.apache.org%3E
2
reference_url http://www.securityfocus.com/bid/105884
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105884
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1314
reference_id CVE-2018-1314
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1314
4
reference_url https://github.com/advisories/GHSA-jmf4-pq78-f8vj
reference_id GHSA-jmf4-pq78-f8vj
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-jmf4-pq78-f8vj
fixed_packages
0
url pkg:maven/org.apache.hive/hive@2.3.4
purl pkg:maven/org.apache.hive/hive@2.3.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@2.3.4
1
url pkg:maven/org.apache.hive/hive@3.1.1
purl pkg:maven/org.apache.hive/hive@3.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@3.1.1
aliases CVE-2018-1314, GHSA-jmf4-pq78-f8vj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jq4c-tghp-s3c8
2
url VCID-w6dq-9zaa-ykhb
vulnerability_id VCID-w6dq-9zaa-ykhb
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1284
reference_id
reference_type
scores
0
value 0.00469
scoring_system epss
scoring_elements 0.64841
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1284
1
reference_url https://github.com/apache/hive/commit/b0a58d245875dc1b3ac58a7cf1a61d3b17805e96
reference_id
reference_type
scores
url https://github.com/apache/hive/commit/b0a58d245875dc1b3ac58a7cf1a61d3b17805e96
2
reference_url https://github.com/apache/hive/commit/f80a38ae1174553022deae4f8774918401d9756d
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/hive/commit/f80a38ae1174553022deae4f8774918401d9756d
3
reference_url https://issues.apache.org/jira/browse/HIVE-18879
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/HIVE-18879
4
reference_url https://lists.apache.org/thread.html/29184dbce4a37be2af36e539ecb479b1d27868f73ccfdff46c7174b4@%3Cdev.hive.apache.org%3E
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29184dbce4a37be2af36e539ecb479b1d27868f73ccfdff46c7174b4@%3Cdev.hive.apache.org%3E
5
reference_url http://www.securityfocus.com/bid/103750
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/103750
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1284
reference_id CVE-2018-1284
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1284
7
reference_url https://github.com/advisories/GHSA-rxmr-c9jm-7mm8
reference_id GHSA-rxmr-c9jm-7mm8
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rxmr-c9jm-7mm8
fixed_packages
0
url pkg:maven/org.apache.hive/hive@2.3.3
purl pkg:maven/org.apache.hive/hive@2.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12xd-nb8g-23gc
1
vulnerability VCID-jq4c-tghp-s3c8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@2.3.3
aliases CVE-2018-1284, GHSA-rxmr-c9jm-7mm8
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w6dq-9zaa-ykhb
3
url VCID-xf72-ztd4-8kgd
vulnerability_id VCID-xf72-ztd4-8kgd
summary 
Improper Certificate Validation
Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive does not seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server `abc.com`, and the server responds with a valid certificate (certified by CA) but issued to `xyz.com`, the client will accept that as a valid certificate and the SSL handshake will go through.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-3083
reference_id
reference_type
scores
0
value 0.00206
scoring_system epss
scoring_elements 0.4288
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-3083
1
reference_url https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192@%3Cdev.hive.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192@%3Cdev.hive.apache.org%3E
2
reference_url http://www.securityfocus.com/bid/98669
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/98669
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3083
reference_id CVE-2016-3083
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-3083
4
reference_url https://github.com/advisories/GHSA-gf2v-9hp6-44qg
reference_id GHSA-gf2v-9hp6-44qg
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-gf2v-9hp6-44qg
fixed_packages
0
url pkg:maven/org.apache.hive/hive@1.2.2
purl pkg:maven/org.apache.hive/hive@1.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12xd-nb8g-23gc
1
vulnerability VCID-jq4c-tghp-s3c8
2
vulnerability VCID-w6dq-9zaa-ykhb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.2.2
1
url pkg:maven/org.apache.hive/hive@2.0.1
purl pkg:maven/org.apache.hive/hive@2.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12xd-nb8g-23gc
1
vulnerability VCID-jq4c-tghp-s3c8
2
vulnerability VCID-w6dq-9zaa-ykhb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@2.0.1
aliases CVE-2016-3083, GHSA-gf2v-9hp6-44qg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xf72-ztd4-8kgd
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@0.14.0