[jira] [Commented] (HIVE-27554) Validate URL used by SSO workflow for JDBC connection

Stamatis Zampetakis (Jira) Fri, 03 May 2024 01:09:03 -0700


    [ 
https://issues.apache.org/jira/browse/HIVE-27554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17843149#comment-17843149
 ]


Stamatis Zampetakis commented on HIVE-27554:
--------------------------------------------

This ticket addresses 
[CVE-2023-35701|https://www.cve.org/CVERecord?id=CVE-2023-35701]. It adds 
stricter controls to the URLs that are used in the SSO workflow to minimize the 
impact of malicious users trying to execute arbitrary commands in the JDBC 
client machine.

 

 

> Validate URL used by SSO workflow for JDBC connection
> -----------------------------------------------------
>
>                 Key: HIVE-27554
>                 URL: https://issues.apache.org/jira/browse/HIVE-27554
>             Project: Hive
>          Issue Type: Improvement
>          Components: JDBC
>    Affects Versions: 4.0.0-alpha-1
>            Reporter: Henri Biestro
>            Assignee: Henri Biestro
>            Priority: Minor
>              Labels: pull-request-available
>             Fix For: 4.0.0
>
>
> Add a validation to ensure the URL used during SSO workflow is proper 
> (http/https).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (HIVE-27554) Validate URL used by SSO workflow for JDBC connection

Reply via email to