[
https://issues.apache.org/jira/browse/HIVE-26841?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Raghav Aggarwal resolved HIVE-26841.
------------------------------------
Fix Version/s: Not Applicable
Resolution: Won't Fix
> Upgrade avatica to 1.22.0
> -------------------------
>
> Key: HIVE-26841
> URL: https://issues.apache.org/jira/browse/HIVE-26841
> Project: Hive
> Issue Type: Improvement
> Affects Versions: 4.0.0-alpha-2
> Reporter: Raghav Aggarwal
> Assignee: Raghav Aggarwal
> Priority: Major
> Fix For: Not Applicable
>
>
> To resolve {{CVE-2022-36364 Avatica needs to be upgraded.}}
> Apache Calcite Avatica JDBC driver {{httpclient_impl}} connection property
> can be used as an RCE vector. Users of previous versions of Avatica MUST
> upgrade to mitigate this vulnerability. For more info please see the entry in
> the CVE database:
> [CVE-2022-36364|http://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-36364].
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
