CNNVD-202511-2892 Information
CNNVD ID
CNNVD-202511-2892
Related CVE
- CNNVD Published: 2025-11-26
Description (Chinese)
Apache Hive是美国阿帕奇(Apache)基金会的一套基于Hadoop(分布式系统基础架构)的数据仓库软件。该软件提供了一个数据集成方法和一种高级的查询语言,以支持在Hadoop上进行大规模数据分析。 Apache Hive 4.1.0版本至4.2.0之前版本存在SQL注入漏洞,该漏洞源于Thrift API处理删除列统计请求时存在SQL注入漏洞。
Description (English)
Apache Live is a data warehouse software based on Hadoop (the distributed system infrastructure) of the Apache Foundation in the United States. The software provides a dataset method and an advanced search language to support large-scale data analysis on Hadoop. Pre-Apache Live 4.1.0 to 4.2.0 has an SQL injection loophole, which stems from the SQL injection gap in Thrift API processing requests to delete columns.
Hazard Level
Medium
Vulnerability Type
SQL注入
Affected Vendor
阿帕奇
Published
2025-11-26
Last Modified
2026-02-24
References
https://lists.apache.org/thread/yj65dd8dmzgy8p3nv8zy33v8knzg9o7g https://access.redhat.com/security/cve/cve-2025-62728
Patch
https://lists.apache.org/thread/yj65dd8dmzgy8p3nv8zy33v8knzg9o7g
Share on: