Affecting org.apache.hive:hive-exec artifact, versions [,2.3.4), [3.0.0, 3.1.1)
org.apache.hive:hive-exec is a data warehouse software facilitates reading, writing, and managing large datasets residing in distributed storage using SQL.
Affected versions of this package are vulnerable to Authentication Bypass. The
EXPLAIN operation does not check for necessary
authorization of involved entities in a query. An unauthorized user
EXPLAIN on arbitrary table or view and expose table metadata
org.apache.hive:hive-exec to version 2.3.4, 3.1.1 or higher.