You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Apache Spark (JIRA)" <ji...@apache.org> on 2018/06/13 06:39:00 UTC

[jira] [Assigned] (SPARK-24542) Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to access arbitrary files

     [ https://issues.apache.org/jira/browse/SPARK-24542?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Apache Spark reassigned SPARK-24542:
------------------------------------

    Assignee: Xiao Li  (was: Apache Spark)

> Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to access arbitrary files
> ------------------------------------------------------------------------------------------------
>
>                 Key: SPARK-24542
>                 URL: https://issues.apache.org/jira/browse/SPARK-24542
>             Project: Spark
>          Issue Type: New Feature
>          Components: SQL
>    Affects Versions: 2.0.2, 2.1.2, 2.2.1, 2.3.1
>            Reporter: Xiao Li
>            Assignee: Xiao Li
>            Priority: Major
>
> Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to access arbitrary files. Spark does not have built-in access control. When users use the external access control library, users might bypass them and access the file contents. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org