Basic Information

CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.hive:hive | maven | < 3.1.3 | 3.1.3 |
The vulnerability stems from missing authorization checks in function management operations. Hive's DDLTask class centrally handles both the CREATE FUNCTION and DROP FUNCTION commands. In versions before 3.1.3, these operations did not validate the caller's privileges through Hive's authorization framework (for example, SQLStdHiveAuthorizationValidator). This matches the CWE-306 pattern of missing authentication for a critical function (UDF management). Because the DDLTask methods are the execution points for these operations, their lack of privilege validation directly enables the described attack vector: unauthorized creation or removal of UDFs.