cvelistv5 - cve-2023-35701

CVE-2023-35701 (GCVE-0-2023-35701)

Vulnerability from cvelistv5 – Published: 2024-05-03 08:11 – Updated: 2025-02-13 16:55

Summary

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The malicious user must have sufficient permissions to specify/edit JDBC URL(s) in an endpoint relying on the Hive JDBC driver and the JDBC client process must run under a privileged user to fully exploit the vulnerability. The attacker can setup a malicious HTTP server and specify a JDBC URL pointing towards this server. When a JDBC connection is attempted, the malicious HTTP server can provide a special response with customized payload that can trigger the execution of certain commands in the JDBC client.This issue affects Apache Hive: from 4.0.0-alpha-1 before 4.0.0. Users are recommended to upgrade to version 4.0.0, which fixes the issue.

Severity ?

No CVSS data available.

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

apache

References

URL

Tags

	https://lists.apache.org/thread/7zcv6l63spl4r66xw…	vendor-advisory
	http://www.openwall.com/lists/oss-security/2024/05/03/3

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Hive	Affected: 4.0.0-alpha-1 , < 4.0.0 (semver)

Credits

Kostya Kortchinsky

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:hive:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "hive",
            "vendor": "apache",
            "versions": [
              {
                "lessThan": "4.0.0",
                "status": "affected",
                "version": "4.0.0-alpha-1",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.6,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-35701",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T19:48:50.207497Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T19:53:00.987Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:30:44.897Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/7zcv6l63spl4r66xwz5jv9rtrg2opx81"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/05/03/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.hive:hive-jdbc",
          "product": "Apache Hive",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "4.0.0",
              "status": "affected",
              "version": "4.0.0-alpha-1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Kostya Kortchinsky"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Apache Hive.\u003cbr\u003e\u003cbr\u003eThe vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The malicious user must have sufficient permissions to specify/edit JDBC URL(s) in an endpoint relying on the Hive JDBC driver and the JDBC client process must run under a privileged user to fully exploit the vulnerability.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eThe attacker can setup a malicious HTTP server and specify a JDBC URL pointing towards this server. When a JDBC connection is attempted, the malicious HTTP server can provide a special response with customized payload that can trigger the execution of certain commands in the JDBC client.\u003cp\u003eThis issue affects Apache Hive: from 4.0.0-alpha-1 before 4.0.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 4.0.0, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Apache Hive.\n\nThe vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The malicious user must have sufficient permissions to specify/edit JDBC URL(s) in an endpoint relying on the Hive JDBC driver and the JDBC client process must run under a privileged user to fully exploit the vulnerability.\u00a0\n\nThe attacker can setup a malicious HTTP server and specify a JDBC URL pointing towards this server. When a JDBC connection is attempted, the malicious HTTP server can provide a special response with customized payload that can trigger the execution of certain commands in the JDBC client.This issue affects Apache Hive: from 4.0.0-alpha-1 before 4.0.0.\n\nUsers are recommended to upgrade to version 4.0.0, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-03T08:15:07.523Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/7zcv6l63spl4r66xwz5jv9rtrg2opx81"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/05/03/3"
        }
      ],
      "source": {
        "defect": [
          "HIVE-27554"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Apache Hive: Arbitrary command execution via JDBC driver",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-35701",
    "datePublished": "2024-05-03T08:11:08.215Z",
    "dateReserved": "2023-06-15T12:56:43.075Z",
    "dateUpdated": "2025-02-13T16:55:52.036Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Apache Hive.\\n\\nThe vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The malicious user must have sufficient permissions to specify/edit JDBC URL(s) in an endpoint relying on the Hive JDBC driver and the JDBC client process must run under a privileged user to fully exploit the vulnerability.\\u00a0\\n\\nThe attacker can setup a malicious HTTP server and specify a JDBC URL pointing towards this server. When a JDBC connection is attempted, the malicious HTTP server can provide a special response with customized payload that can trigger the execution of certain commands in the JDBC client.This issue affects Apache Hive: from 4.0.0-alpha-1 before 4.0.0.\\n\\nUsers are recommended to upgrade to version 4.0.0, which fixes the issue.\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de control inadecuado de generaci\\u00f3n de c\\u00f3digo (\\\"inyecci\\u00f3n de c\\u00f3digo\\\") en Apache Hive. La vulnerabilidad afecta al componente del controlador JDBC de Hive y potencialmente puede provocar la ejecuci\\u00f3n de c\\u00f3digo arbitrario en la m\\u00e1quina/endpoint que ejecuta el controlador JDBC (cliente). El usuario malintencionado debe tener permisos suficientes para especificar/editar URL de JDBC en un endpoint que dependa del controlador Hive JDBC y el proceso del cliente JDBC debe ejecutarse con un usuario privilegiado para explotar completamente la vulnerabilidad. El atacante puede configurar un servidor HTTP malicioso y especificar una URL JDBC que apunte hacia este servidor. Cuando se intenta una conexi\\u00f3n JDBC, el servidor HTTP malicioso puede proporcionar una respuesta especial con un payload personalizado que puede desencadenar la ejecuci\\u00f3n de ciertos comandos en el cliente JDBC. Este problema afecta a Apache Hive: desde 4.0.0-alpha-1 antes de 4.0.0. Se recomienda a los usuarios actualizar a la versi\\u00f3n 4.0.0, que soluciona el problema.\"}]",
      "id": "CVE-2023-35701",
      "lastModified": "2024-11-21T08:08:32.263",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.6, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.7, \"impactScore\": 5.9}]}",
      "published": "2024-05-03T09:15:07.587",
      "references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2024/05/03/3\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread/7zcv6l63spl4r66xwz5jv9rtrg2opx81\", \"source\": \"security@apache.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/05/03/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread/7zcv6l63spl4r66xwz5jv9rtrg2opx81\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-35701\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2024-05-03T09:15:07.587\",\"lastModified\":\"2025-07-10T16:32:36.570\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Apache Hive.\\n\\nThe vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The malicious user must have sufficient permissions to specify/edit JDBC URL(s) in an endpoint relying on the Hive JDBC driver and the JDBC client process must run under a privileged user to fully exploit the vulnerability.\u00a0\\n\\nThe attacker can setup a malicious HTTP server and specify a JDBC URL pointing towards this server. When a JDBC connection is attempted, the malicious HTTP server can provide a special response with customized payload that can trigger the execution of certain commands in the JDBC client.This issue affects Apache Hive: from 4.0.0-alpha-1 before 4.0.0.\\n\\nUsers are recommended to upgrade to version 4.0.0, which fixes the issue.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de control inadecuado de generaci\u00f3n de c\u00f3digo (\\\"inyecci\u00f3n de c\u00f3digo\\\") en Apache Hive. La vulnerabilidad afecta al componente del controlador JDBC de Hive y potencialmente puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en la m\u00e1quina/endpoint que ejecuta el controlador JDBC (cliente). El usuario malintencionado debe tener permisos suficientes para especificar/editar URL de JDBC en un endpoint que dependa del controlador Hive JDBC y el proceso del cliente JDBC debe ejecutarse con un usuario privilegiado para explotar completamente la vulnerabilidad. El atacante puede configurar un servidor HTTP malicioso y especificar una URL JDBC que apunte hacia este servidor. Cuando se intenta una conexi\u00f3n JDBC, el servidor HTTP malicioso puede proporcionar una respuesta especial con un payload personalizado que puede desencadenar la ejecuci\u00f3n de ciertos comandos en el cliente JDBC. Este problema afecta a Apache Hive: desde 4.0.0-alpha-1 antes de 4.0.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 4.0.0, que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.7,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hive:4.0.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"76721527-FDE1-4313-A7BB-7324CEC18C08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hive:4.0.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"55EE5FE2-89FD-4470-BD72-C5E5BD20B132\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hive:4.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB8472B8-9E0F-4686-B5B3-1E326589CF9A\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/05/03/3\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/7zcv6l63spl4r66xwz5jv9rtrg2opx81\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/05/03/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/7zcv6l63spl4r66xwz5jv9rtrg2opx81\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.apache.org/thread/7zcv6l63spl4r66xwz5jv9rtrg2opx81\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/05/03/3\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T16:30:44.897Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-35701\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-17T19:48:50.207497Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:apache:hive:*:*:*:*:*:*:*:*\"], \"vendor\": \"apache\", \"product\": \"hive\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0.0-alpha-1\", \"lessThan\": \"4.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-17T19:52:51.508Z\"}}], \"cna\": {\"title\": \"Apache Hive: Arbitrary command execution via JDBC driver\", \"source\": {\"defect\": [\"HIVE-27554\"], \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Kostya Kortchinsky\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"moderate\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Hive\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0.0-alpha-1\", \"lessThan\": \"4.0.0\", \"versionType\": \"semver\"}], \"packageName\": \"org.apache.hive:hive-jdbc\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/7zcv6l63spl4r66xwz5jv9rtrg2opx81\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/05/03/3\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Apache Hive.\\n\\nThe vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The malicious user must have sufficient permissions to specify/edit JDBC URL(s) in an endpoint relying on the Hive JDBC driver and the JDBC client process must run under a privileged user to fully exploit the vulnerability.\\u00a0\\n\\nThe attacker can setup a malicious HTTP server and specify a JDBC URL pointing towards this server. When a JDBC connection is attempted, the malicious HTTP server can provide a special response with customized payload that can trigger the execution of certain commands in the JDBC client.This issue affects Apache Hive: from 4.0.0-alpha-1 before 4.0.0.\\n\\nUsers are recommended to upgrade to version 4.0.0, which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Apache Hive.\u003cbr\u003e\u003cbr\u003eThe vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The malicious user must have sufficient permissions to specify/edit JDBC URL(s) in an endpoint relying on the Hive JDBC driver and the JDBC client process must run under a privileged user to fully exploit the vulnerability.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eThe attacker can setup a malicious HTTP server and specify a JDBC URL pointing towards this server. When a JDBC connection is attempted, the malicious HTTP server can provide a special response with customized payload that can trigger the execution of certain commands in the JDBC client.\u003cp\u003eThis issue affects Apache Hive: from 4.0.0-alpha-1 before 4.0.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 4.0.0, which fixes the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-05-03T08:15:07.523Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-35701\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T16:55:52.036Z\", \"dateReserved\": \"2023-06-15T12:56:43.075Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2024-05-03T08:11:08.215Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CNVD-2024-39156

Vulnerability from cnvd - Published: 2024-09-25

Title

Apache Hive代码注入漏洞

Description

Apache Hive是美国阿帕奇（Apache）基金会的一套基于Hadoop（分布式系统基础架构）的数据仓库软件。该软件提供了一个数据集成方法和一种高级的查询语言，以支持在Hadoop上进行大规模数据分析。 Apache Hive 4.0.0-alpha-1版本至4.0.0之前版本存在代码注入漏洞。该漏洞源于应用未能正确过滤构造代码段的特殊元素。攻击者可利用该漏洞导致任意代码执行。

Severity

中

Patch Name

Apache Hive代码注入漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://lists.apache.org/thread/7zcv6l63spl4r66xwz5jv9rtrg2opx81

Reference

https://nvd.nist.gov/vuln/detail/CVE-2023-35701

Impacted products

Name
Apache Apache Hive >=4.0.0-alpha-1，<4.0.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-35701",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-35701"
    }
  },
  "description": "Apache Hive\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u57fa\u4e8eHadoop\uff08\u5206\u5e03\u5f0f\u7cfb\u7edf\u57fa\u7840\u67b6\u6784\uff09\u7684\u6570\u636e\u4ed3\u5e93\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u63d0\u4f9b\u4e86\u4e00\u4e2a\u6570\u636e\u96c6\u6210\u65b9\u6cd5\u548c\u4e00\u79cd\u9ad8\u7ea7\u7684\u67e5\u8be2\u8bed\u8a00\uff0c\u4ee5\u652f\u6301\u5728Hadoop\u4e0a\u8fdb\u884c\u5927\u89c4\u6a21\u6570\u636e\u5206\u6790\u3002\n\nApache Hive 4.0.0-alpha-1\u7248\u672c\u81f34.0.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\u6784\u9020\u4ee3\u7801\u6bb5\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread/7zcv6l63spl4r66xwz5jv9rtrg2opx81",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-39156",
  "openTime": "2024-09-25",
  "patchDescription": "Apache Hive\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u57fa\u4e8eHadoop\uff08\u5206\u5e03\u5f0f\u7cfb\u7edf\u57fa\u7840\u67b6\u6784\uff09\u7684\u6570\u636e\u4ed3\u5e93\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u63d0\u4f9b\u4e86\u4e00\u4e2a\u6570\u636e\u96c6\u6210\u65b9\u6cd5\u548c\u4e00\u79cd\u9ad8\u7ea7\u7684\u67e5\u8be2\u8bed\u8a00\uff0c\u4ee5\u652f\u6301\u5728Hadoop\u4e0a\u8fdb\u884c\u5927\u89c4\u6a21\u6570\u636e\u5206\u6790\u3002\r\n\r\nApache Hive 4.0.0-alpha-1\u7248\u672c\u81f34.0.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\u6784\u9020\u4ee3\u7801\u6bb5\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Hive\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Apache Hive \u003e=4.0.0-alpha-1\uff0c\u003c4.0.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-35701",
  "serverity": "\u4e2d",
  "submitTime": "2024-05-09",
  "title": "Apache Hive\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e"
}

GHSA-VPW3-3PRF-3974

Vulnerability from github – Published: 2024-05-03 09:30 – Updated: 2025-02-13 19:00

Summary

Apache Hive Code Injection vulnerability

Details

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive.

The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The malicious user must have sufficient permissions to specify/edit JDBC URL(s) in an endpoint relying on the Hive JDBC driver and the JDBC client process must run under a privileged user to fully exploit the vulnerability.

The attacker can setup a malicious HTTP server and specify a JDBC URL pointing towards this server. When a JDBC connection is attempted, the malicious HTTP server can provide a special response with customized payload that can trigger the execution of certain commands in the JDBC client.This issue affects Apache Hive: from 4.0.0-alpha-1 before 4.0.0.

Users are recommended to upgrade to version 4.0.0, which fixes the issue.

Severity ?

6.6 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.hive:hive-jdbc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0-alpha-1"
            },
            {
              "fixed": "4.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-35701"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-03T20:27:25Z",
    "nvd_published_at": "2024-05-03T09:15:07Z",
    "severity": "MODERATE"
  },
  "details": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Apache Hive.\n\nThe vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The malicious user must have sufficient permissions to specify/edit JDBC URL(s) in an endpoint relying on the Hive JDBC driver and the JDBC client process must run under a privileged user to fully exploit the vulnerability.\u00a0\n\nThe attacker can setup a malicious HTTP server and specify a JDBC URL pointing towards this server. When a JDBC connection is attempted, the malicious HTTP server can provide a special response with customized payload that can trigger the execution of certain commands in the JDBC client.This issue affects Apache Hive: from 4.0.0-alpha-1 before 4.0.0.\n\nUsers are recommended to upgrade to version 4.0.0, which fixes the issue.",
  "id": "GHSA-vpw3-3prf-3974",
  "modified": "2025-02-13T19:00:01Z",
  "published": "2024-05-03T09:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35701"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/hive/commit/7abeb1df463cc389f668172e7cf3bb772799858a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/hive"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/jira/browse/HIVE-27554"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/7zcv6l63spl4r66xwz5jv9rtrg2opx81"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/05/03/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Hive Code Injection vulnerability"
}

GSD-2023-35701

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2023-35701

Aliases

CVE-2023-35701

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-35701",
    "id": "GSD-2023-35701"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-35701"
      ],
      "id": "GSD-2023-35701",
      "modified": "2023-12-13T01:20:46.246062Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2023-35701",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

FKIE_CVE-2023-35701

Vulnerability from fkie_nvd - Published: 2024-05-03 09:15 - Updated: 2025-07-10 16:32

Severity ?

6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@apache.org	http://www.openwall.com/lists/oss-security/2024/05/03/3	Mailing List, Third Party Advisory
security@apache.org	https://lists.apache.org/thread/7zcv6l63spl4r66xwz5jv9rtrg2opx81	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2024/05/03/3	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread/7zcv6l63spl4r66xwz5jv9rtrg2opx81	Mailing List, Vendor Advisory

Impacted products

Vendor	Product	Version
apache	hive	4.0.0
apache	hive	4.0.0
apache	hive	4.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:hive:4.0.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "76721527-FDE1-4313-A7BB-7324CEC18C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hive:4.0.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "55EE5FE2-89FD-4470-BD72-C5E5BD20B132",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hive:4.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "FB8472B8-9E0F-4686-B5B3-1E326589CF9A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Apache Hive.\n\nThe vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The malicious user must have sufficient permissions to specify/edit JDBC URL(s) in an endpoint relying on the Hive JDBC driver and the JDBC client process must run under a privileged user to fully exploit the vulnerability.\u00a0\n\nThe attacker can setup a malicious HTTP server and specify a JDBC URL pointing towards this server. When a JDBC connection is attempted, the malicious HTTP server can provide a special response with customized payload that can trigger the execution of certain commands in the JDBC client.This issue affects Apache Hive: from 4.0.0-alpha-1 before 4.0.0.\n\nUsers are recommended to upgrade to version 4.0.0, which fixes the issue."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de control inadecuado de generaci\u00f3n de c\u00f3digo (\"inyecci\u00f3n de c\u00f3digo\") en Apache Hive. La vulnerabilidad afecta al componente del controlador JDBC de Hive y potencialmente puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en la m\u00e1quina/endpoint que ejecuta el controlador JDBC (cliente). El usuario malintencionado debe tener permisos suficientes para especificar/editar URL de JDBC en un endpoint que dependa del controlador Hive JDBC y el proceso del cliente JDBC debe ejecutarse con un usuario privilegiado para explotar completamente la vulnerabilidad. El atacante puede configurar un servidor HTTP malicioso y especificar una URL JDBC que apunte hacia este servidor. Cuando se intenta una conexi\u00f3n JDBC, el servidor HTTP malicioso puede proporcionar una respuesta especial con un payload personalizado que puede desencadenar la ejecuci\u00f3n de ciertos comandos en el cliente JDBC. Este problema afecta a Apache Hive: desde 4.0.0-alpha-1 antes de 4.0.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 4.0.0, que soluciona el problema."
    }
  ],
  "id": "CVE-2023-35701",
  "lastModified": "2025-07-10T16:32:36.570",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-05-03T09:15:07.587",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2024/05/03/3"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/7zcv6l63spl4r66xwz5jv9rtrg2opx81"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2024/05/03/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/7zcv6l63spl4r66xwz5jv9rtrg2opx81"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-35701 (GCVE-0-2023-35701)

CNVD-2024-39156

GHSA-VPW3-3PRF-3974

GSD-2023-35701

FKIE_CVE-2023-35701

Tags

Sightings

Nomenclature