Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-26841

Upgrade avatica to 1.22.0

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Won't Fix
    • 4.0.0-alpha-2
    • Not Applicable
    • None
    • None

    Description

      To resolve CVE-2022-36364 Avatica needs to be upgraded.

       Apache Calcite Avatica JDBC driver httpclient_impl connection property can be used as an RCE vector. Users of previous versions of Avatica MUST upgrade to mitigate this vulnerability. For more info please see the entry in the CVE database: CVE-2022-36364.

      Attachments

        Issue Links

          Activity

            People

              Aggarwal_Raghav Raghav Aggarwal
              Aggarwal_Raghav Raghav Aggarwal
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: