[HIVE-26153] CVE-2021-27568 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.1.3
Fix Version/s: None
Component/s: Hive
Labels:
None

Description

Address the vulnerability CVE-2021-27568.

Hive jdbc driver is packaged with json-smart version which has the above vulnerability.

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.

Fix: Upgrade net.minidev:json-smart to version 1.3.2, 2.4.1 or higher.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Asif Saleh

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 19/Apr/22 15:32

Updated:: 19/Apr/22 15:32