[jira] [Resolved] (SPARK-24542) Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to access arbitrary files

Wenchen Fan (JIRA) Mon, 18 Jun 2018 20:53:55 -0700


     [ 
https://issues.apache.org/jira/browse/SPARK-24542?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Wenchen Fan resolved SPARK-24542.
---------------------------------
       Resolution: Fixed
    Fix Version/s: 2.3.2
                   2.4.0

Issue resolved by pull request 21549
[https://github.com/apache/spark/pull/21549]

> Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to 
> access arbitrary files
> ------------------------------------------------------------------------------------------------
>
>                 Key: SPARK-24542
>                 URL: https://issues.apache.org/jira/browse/SPARK-24542
>             Project: Spark
>          Issue Type: New Feature
>          Components: SQL
>    Affects Versions: 2.0.2, 2.1.2, 2.2.1, 2.3.1
>            Reporter: Xiao Li
>            Assignee: Xiao Li
>            Priority: Major
>             Fix For: 2.4.0, 2.3.2
>
>
> Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to 
> access arbitrary files. Spark does not have built-in access control. When 
> users use the external access control library, users might bypass them and 
> access the file contents. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Resolved] (SPARK-24542) Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to access arbitrary files

Reply via email to