Vulnerability Details CVE-2018-1282
This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.0%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 7.5
References
- http://www.securityfocus.com/bid/103751
- https://lists.apache.org/thread.html/74bd2bff1827febb348dfb323986fa340d3bb97a315ab93c3ccc8299%40%3Cdev.hive.apache.org%3E
- https://exchange.xforce.ibmcloud.com/vulnerabilities/141253
- http://www.securityfocus.com/bid/103751
- https://lists.apache.org/thread.html/74bd2bff1827febb348dfb323986fa340d3bb97a315ab93c3ccc8299%40%3Cdev.hive.apache.org%3E
Products affected by CVE-2018-1282
-
cpe:2.3:a:apache:hive:0.10.0
-
cpe:2.3:a:apache:hive:0.11.0
-
cpe:2.3:a:apache:hive:0.12.0
-
cpe:2.3:a:apache:hive:0.13.0
-
cpe:2.3:a:apache:hive:0.13.1
-
cpe:2.3:a:apache:hive:0.14.0
-
cpe:2.3:a:apache:hive:0.7.1
-
cpe:2.3:a:apache:hive:0.8.0
-
cpe:2.3:a:apache:hive:0.8.1
-
cpe:2.3:a:apache:hive:0.9.0
-
cpe:2.3:a:apache:hive:1.0.0
-
cpe:2.3:a:apache:hive:1.0.1
-
cpe:2.3:a:apache:hive:1.1.0
-
cpe:2.3:a:apache:hive:1.1.1
-
cpe:2.3:a:apache:hive:1.2.0
-
cpe:2.3:a:apache:hive:1.2.1
-
cpe:2.3:a:apache:hive:1.2.2
-
cpe:2.3:a:apache:hive:2.0.0
-
cpe:2.3:a:apache:hive:2.0.1
-
cpe:2.3:a:apache:hive:2.1.0
-
cpe:2.3:a:apache:hive:2.1.1
-
cpe:2.3:a:apache:hive:2.2.0
-
cpe:2.3:a:apache:hive:2.2.1
-
cpe:2.3:a:apache:hive:2.3.0
-
cpe:2.3:a:apache:hive:2.3.1
-
cpe:2.3:a:apache:hive:2.3.2