You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hive.apache.org by "Jeevi Reddy Gudibandi (Jira)" <ji...@apache.org> on 2022/11/30 05:53:00 UTC
[jira] [Created] (HIVE-26791) Applicability of CVE-2022-3171 on Hive exec
Jeevi Reddy Gudibandi created HIVE-26791:
--------------------------------------------
Summary: Applicability of CVE-2022-3171 on Hive exec
Key: HIVE-26791
URL: https://issues.apache.org/jira/browse/HIVE-26791
Project: Hive
Issue Type: Bug
Components: Hive
Reporter: Jeevi Reddy Gudibandi
Applicability of CVE-2022-3171 on Hive Exec
We are currently using hive-exec.jar - [https://mvnrepository.com/artifact/org.apache.hive/hive-exec/2.3.7]
This jar contains, [ com.google|http://com.google/].protobuf v2.5.0 which has the vulnerability 'CVE 2022-3171'([https://nvd.nist.gov/vuln/detail/CVE-2022-3171])
Could you please let us know if this vulnerability is a false positive or affects the hive-exec jar v2.3.7 in any way?
In case this vulnerability is applicable, can we have the fix ASAP
--
This message was sent by Atlassian Jira
(v8.20.10#820010)