You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hive.apache.org by "Jeevi Reddy Gudibandi (Jira)" <ji...@apache.org> on 2022/11/30 05:53:00 UTC

[jira] [Created] (HIVE-26791) Applicability of CVE-2022-3171 on Hive exec

Jeevi Reddy Gudibandi created HIVE-26791:
--------------------------------------------

             Summary: Applicability of CVE-2022-3171  on Hive exec 
                 Key: HIVE-26791
                 URL: https://issues.apache.org/jira/browse/HIVE-26791
             Project: Hive
          Issue Type: Bug
          Components: Hive
            Reporter: Jeevi Reddy Gudibandi


Applicability of CVE-2022-3171  on Hive Exec 

We are currently using hive-exec.jar - [https://mvnrepository.com/artifact/org.apache.hive/hive-exec/2.3.7]

 This jar contains, [ com.google|http://com.google/].protobuf v2.5.0 which has the vulnerability 'CVE 2022-3171'([https://nvd.nist.gov/vuln/detail/CVE-2022-3171])

Could you please let us know if this vulnerability is a false positive or affects the hive-exec jar v2.3.7 in any way? 

In case this vulnerability is applicable, can we have the fix ASAP

 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)