Hive / HIVE-26841

Upgrade avatica to 1.22.0


Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Won't Fix
    • 4.0.0-alpha-2
    • Not Applicable
    • None
    • None

    Description

      To resolve CVE-2022-36364 Avatica needs to be upgraded.

       Apache Calcite Avatica JDBC driver httpclient_impl connection property can be used as an RCE vector. Users of previous versions of Avatica MUST upgrade to mitigate this vulnerability. For more info please see the entry in the CVE database: CVE-2022-36364.
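
One way to check a build for Avatica driver jars older than the 1.22.0 release named in this issue, by scanning `mvn dependency:tree` output. This is an added example, not code from the Hive or Calcite projects. It assumes the driver ships in the `avatica` and `avatica-core` artifacts of the `org.apache.calcite.avatica` group; the sample tree is constructed.

```python
import re

FIXED = (1, 22, 0)  # release this issue asks to upgrade to

# Assumption: the JDBC driver lives in these artifacts of the Avatica group.
# Handles both group:artifact:jar:version:scope and the form with a classifier.
COORD = re.compile(
    r"org\.apache\.calcite\.avatica:(avatica(?:-core)?):jar:"
    r"(?:[^:\s]+:)?(\d+(?:\.\d+)*)[^:\s]*:(\w+)"
)

def parse_version(text):
    """'1.8' -> (1, 8, 0). Numeric tuples, so 1.8.0 sorts below 1.22.0."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def find_vulnerable(tree_output):
    """Return (artifact, version, scope) for each Avatica driver jar below FIXED."""
    hits = []
    for line in tree_output.splitlines():
        m = COORD.search(line)
        if m and parse_version(m.group(2)) < FIXED:
            hits.append((m.group(1), m.group(2), m.group(3)))
    return hits

# Constructed sample of `mvn dependency:tree` output (not taken from Hive's build).
SAMPLE = """\
[INFO] +- org.apache.calcite:calcite-core:jar:1.25.0:compile
[INFO] |  \\- org.apache.calcite.avatica:avatica-core:jar:1.12.0:compile
[INFO] +- org.apache.calcite.avatica:avatica:jar:1.8.0:runtime
[INFO] +- org.apache.calcite.avatica:avatica-core:jar:tests:1.22.0:test
[INFO] \\- org.apache.calcite.avatica:avatica:jar:1.23.0:compile
"""

if __name__ == "__main__":
    for artifact, version, scope in find_vulnerable(SAMPLE):
        print(f"{artifact} {version} ({scope}) predates 1.22.0")
```

Transitive copies matter as much as direct ones: in the sample, the old `avatica-core` arrives through another dependency and would be missed by reading the top-level POM alone.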

          People

            Aggarwal_Raghav Raghav Aggarwal
            Aggarwal_Raghav Raghav Aggarwal