Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-26791

Applicability of CVE-2022-3171 on Hive exec

Log workAgile BoardRank to TopRank to BottomBulk Copy AttachmentsBulk Move AttachmentsAdd voteVotersWatch issueWatchersCreate sub-taskConvert to sub-taskMoveLinkCloneLabelsUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • Hive
    • None

    Description

      Applicability of CVE-2022-3171  on Hive Exec 

      We are currently using hive-exec.jar - https://mvnrepository.com/artifact/org.apache.hive/hive-exec/2.3.7

      This jar contains, [ com.google|http://com.google/].protobuf v2.5.0 which has the vulnerability 'CVE 2022-3171'(https://nvd.nist.gov/vuln/detail/CVE-2022-3171)

      Could you please let us know if this vulnerability is a false positive or affects the hive-exec jar v2.3.7 in any way? 

      In case this vulnerability is applicable, can we have the fix ASAP

       

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned Assign to me
            jeevireddy Jeevi Reddy Gudibandi

            Dates

              Created:
              Updated:

              Slack

                Issue deployment