Insecure Method in Apache Hive Metastore Leads to Remote Code Execution Vulnerability
CVE-2022-41137

Currently unrated

Key Information:

Vendor

Apache

CVE Published:
5 December 2024

What is CVE-2022-41137?

The Apache Hive Metastore is affected by a vulnerability that stems from its use of the unsafe method SerializationUtilities#deserializeObjectWithTypeInformation when filtering and fetching partitions. This flaw permits the deserialization of arbitrary data, which can potentially lead to Remote Code Execution (RCE). Exploitation of this vulnerability requires that the attacker is an authenticated user or client who has established a connection to the Metastore. Moreover, any code that interacts with this unsafe method may be susceptible unless it incorporates stringent prechecks on input parameters.

Affected Version(s)

Apache Hive 4.0.0-alpha-1 < 4.0.0

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Junjie Liao