{"url":"http://public2.vulnerablecode.io/api/packages/57587?format=json","purl":"pkg:maven/org.apache.hive/hive-exec@1.1.1","type":"maven","namespace":"org.apache.hive","name":"hive-exec","version":"1.1.1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.2.2","latest_non_vulnerable_version":"2.3.4","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40816?format=json","vulnerability_id":"VCID-6ppt-m2fe-1uge","summary":"Improper Authentication\nThe LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request.","references":[{"reference_url":"http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCAOpgucy52yzNN1FaRcxwhZmx8ZtNRjmK6V0Bxk4svAD-R1q70Q@mail.gmail.com%3E","reference_id":"","reference_type":"","scores":[],"url":"http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCAOpgucy52yzNN1FaRcxwhZmx8ZtNRjmK6V0Bxk4svAD-R1q70Q@mail.gmail.com%3E"},{"reference_url":"https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21969546","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21969546"},{"reference_url":"http://www.securitytracker.com/id/1034365","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1034365"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1772","reference_id":"CVE-2015-1772","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1772"},{"reference_url":"https://github.com/advisories/GHSA-5gvm-hrw5-h6xf","reference_id":"GHSA-5gvm-hrw5-h6xf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5gvm-hrw5-h6xf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57586?format=json","purl":"pkg:maven/org.apache.hive/hive-exec@1.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-exec@1.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/57587?format=json","purl":"pkg:maven/org.apache.hive/hive-exec@1.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-exec@1.1.1"}],"aliases":["CVE-2015-1772","GHSA-5gvm-hrw5-h6xf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ppt-m2fe-1uge"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-exec@1.1.1"}