Asif Saleh created HIVE-26153:
---------------------------------

             Summary: CVE-2021-27568
                 Key: HIVE-26153
                 URL: https://issues.apache.org/jira/browse/HIVE-26153
             Project: Hive
          Issue Type: Bug
          Components: Hive
    Affects Versions: 3.1.3
            Reporter: Asif Saleh


Address the vulnerability CVE-2021-27568.

The Hive JDBC driver is packaged with a json-smart version which has the above 
vulnerability.

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and 
json-smart-v2 through 2.4. An exception is thrown from a function, but it is 
not caught, as demonstrated by NumberFormatException. When it is not caught, it 
may cause programs using the library to crash or expose sensitive information.

Fix: Upgrade {{net.minidev:json-smart}} to version 1.3.2, 2.4.1 or higher.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)
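
An added example, not part of the original issue or of Hive's code: a check that reads the json-smart version recorded inside a jar and compares it with the fixed releases named above (1.3.2 and 2.4.1). It assumes the jar kept the bundled library's Maven metadata at `META-INF/maven/net.minidev/json-smart/pom.properties`; the sample jars are constructed in memory.

```python
import io
import re
import zipfile

# Assumption: the jar kept json-smart's Maven metadata when the library was packaged into it.
POM_PROPS = "META-INF/maven/net.minidev/json-smart/pom.properties"
FIXED = {1: (1, 3, 2), 2: (2, 4, 1)}  # fixed releases named in the issue


def parse_version(text):
    """Turn '2.4.1' or '2.3-SNAPSHOT' into a 3-tuple of ints."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))


def is_vulnerable(version):
    """True if the version is below the fixed release of its 1.x or 2.x line."""
    v = parse_version(version)
    fixed = FIXED.get(max(v[0], 1))  # majors above 2 have no entry: not affected
    return fixed is not None and v < fixed


def bundled_json_smart(jar):
    """Return the json-smart version recorded inside a jar, or None if absent."""
    with zipfile.ZipFile(jar) as zf:
        if POM_PROPS not in zf.namelist():
            return None
        props = zf.read(POM_PROPS).decode("utf-8", "replace")
    m = re.search(r"^version=(.+)$", props, re.MULTILINE)
    return m.group(1).strip() if m else None


def check_jar(jar):
    """Classify a jar (path or file object) as vulnerable, fixed or not-found."""
    version = bundled_json_smart(jar)
    if version is None:
        return ("not-found", None)
    return ("vulnerable" if is_vulnerable(version) else "fixed", version)


def make_sample_jar(version):
    """Constructed in-memory jar standing in for a driver jar (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"groupId=net.minidev\nartifactId=json-smart\nversion={version}\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for v in ("2.3", "2.4.1", "1.3.1"):
        print(v, check_jar(make_sample_jar(v)))
```

A "not-found" result only means the metadata file is absent; a jar that relocated or stripped it can still contain the library's classes.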
