CVE-2018-1284 is a vulnerability in Apache Hive
Published on April 5, 2018

In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually hive) if hive.server2.enable.doAs=false.

NVD

Products Associated with CVE-2018-1284

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-1284 are published in Apache Hive:

Apache Hive

Affected Versions

Apache Software Foundation Apache Hive Version 0.6.0 to 2.3.2 is affected by CVE-2018-1284

Exploit Probability

EPSS

0.47%

Percentile

63.99%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-1284 is a vulnerability in Apache HivePublished on April 5, 2018

Products Associated with CVE-2018-1284

Affected Versions

Exploit Probability

CVE-2018-1284 is a vulnerability in Apache Hive
Published on April 5, 2018