It looks like that affects Hive, and not the metastore. I do not see that it is relevant to Spark at first glance.
On Mon, Jan 27, 2025 at 1:21 AM Balaji Sudharsanam V <balaji.sudharsa...@ibm.com.invalid> wrote:
> Hi All,
>
> There is a vulnerability with ‘High’ severity found in the *Apache Spark
> 3.x and 4.0.0 preview (2) releases,* with the hive-metastore-2.3.x.jar.
> This is defined here, Apache Hive security bypass CVE-2021-34538
> Vulnerability Report
> <https://exchange.xforce.ibmcloud.com/vulnerabilities/231404>
>
> The recommendation is to upgrade to the latest version of Apache Hive
> (*3.1.3, 4.0 or later*), available from the Apache Web site.
>
> Can we expect this getting fixed in the Apache Spark 4.0 GA?
>
> Thanks,
>
> Balaji