Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Won't Fix
-
4.0.0-alpha-2
-
None
-
None
Description
To resolve CVE-2022-36364 Avatica needs to be upgraded.
Apache Calcite Avatica JDBC driver httpclient_impl connection property can be used as an RCE vector. Users of previous versions of Avatica MUST upgrade to mitigate this vulnerability. For more info please see the entry in the CVE database: CVE-2022-36364.
Attachments
Issue Links
- relates to
-
HIVE-26610 Upgrade calcite-core to 1.32.0
- Closed