[ https://issues.apache.org/jira/browse/HIVE-26841?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Raghav Aggarwal resolved HIVE-26841. ------------------------------------ Fix Version/s: Not Applicable Resolution: Won't Fix > Upgrade avatica to 1.22.0 > ------------------------- > > Key: HIVE-26841 > URL: https://issues.apache.org/jira/browse/HIVE-26841 > Project: Hive > Issue Type: Improvement > Affects Versions: 4.0.0-alpha-2 > Reporter: Raghav Aggarwal > Assignee: Raghav Aggarwal > Priority: Major > Fix For: Not Applicable > > > To resolve {{CVE-2022-36364 Avatica needs to be upgraded.}} > Apache Calcite Avatica JDBC driver {{httpclient_impl}} connection property > can be used as an RCE vector. Users of previous versions of Avatica MUST > upgrade to mitigate this vulnerability. For more info please see the entry in > the CVE database: > [CVE-2022-36364|http://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-36364]. -- This message was sent by Atlassian Jira (v8.20.10#820010)