[SPARK-24542] Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to access arbitrary files - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0.2, 2.1.2, 2.2.1, 2.3.1
Fix Version/s: 2.3.2, 2.4.0
Component/s: SQL
Labels:
None

Description

Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to access arbitrary files. Spark does not have built-in access control. When users use the external access control library, users might bypass them and access the file contents.

Attachments

Issue Links

links to

[Github] Pull Request #21549 (gatorsmile)

Activity

People

Assignee:: Xiao Li

Reporter:: Xiao Li

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 13/Jun/18 06:35

Updated:: 19/Jun/18 03:52

Resolved:: 19/Jun/18 03:52