Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Hive
(Apache)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-02-12 | CVE-2020-13949 | In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. | Hive, Thrift, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_policy | 7.5 | ||
| 2021-03-16 | CVE-2020-1926 | Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8 | Hive | 5.9 |