Is org.apache.hive:hive-exec affected by CVE-2022-41137?

Maven org.apache.hive:hive-exec is affected in >=4.0.0-alpha-1 <4.0.0-alpha-2.

Is CVE-2022-41137 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 1.7%.

high

CVE-2022-41137

Q: Is CVE-2022-41137 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 1.7%.

Maven · org.apache.hive:hive-exec

Summary

Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore

Severity: high
EPSS: 1.7% (p74)
Also known as: GHSA-6hqr-c69m-r76q
Published: 2024-12-05

References

https://nvd.nist.gov/vuln/detail/CVE-2022-41137
https://github.com/apache/hive/commit/60027bb9c91a93affcfebd9068f064bc1f2a74c9
https://github.com/apache/hive

Related advisories

CVE-2024-29869 — medium · Maven/org.apache.hive:hive-exec

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.