[ https://issues.apache.org/jira/browse/HIVE-26841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17646747#comment-17646747 ]
Stamatis Zampetakis commented on HIVE-26841:
--------------------------------------------
This probably needs to be tackled together with HIVE-26610.
> Upgrade avatica to 1.22.0
> -------------------------
>
> Key: HIVE-26841
> URL: https://issues.apache.org/jira/browse/HIVE-26841
> Project: Hive
> Issue Type: Improvement
> Affects Versions: 4.0.0-alpha-2
> Reporter: Raghav Aggarwal
> Assignee: Raghav Aggarwal
> Priority: Major
>
> To resolve {{CVE-2022-36364}}, Avatica needs to be upgraded.
> Apache Calcite Avatica JDBC driver {{httpclient_impl}} connection property
> can be used as an RCE vector. Users of previous versions of Avatica MUST
> upgrade to mitigate this vulnerability. For more info please see the entry in
> the CVE database:
> [CVE-2022-36364|http://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-36364].