Access Restriction Bypass
Affecting org.apache.hive:hive-exec artifact, versions [,2.3.4), [3.1.0, 3.1.1)
org.apache.hive:hive-exec is a data warehouse software facilitates reading, writing, and managing large datasets residing in distributed storage using SQL.
Affected versions of this package are vulnerable to Access Restriction Bypass. Local resources on
HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.
org.apache.hive:hive-exec to versions 2.3.4, 3.1.1 or higher.
Do your applications use this vulnerable package?