cvedb.io
CVE-2021-34538
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2022-07-16T07:15:08.530 · Last modified 2026-06-17T03:56:05.427

Summary

Apache Hive before 3.1.3 "CREATE" and "DROP" function operations does not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged users to drop and recreate UDFs pointing them to new jars that could be potentially malicious.

Affected products

apache — hive

Does this affect you?

Add your gear to cvedb and we'll alert you only when apache ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.