hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vihang Karajgaonkar (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (HIVE-16035) Investigate potential SQL injection vulnerability in Hive
Date Fri, 24 Feb 2017 19:25:44 GMT

     [ https://issues.apache.org/jira/browse/HIVE-16035?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Vihang Karajgaonkar reassigned HIVE-16035:
------------------------------------------


> Investigate potential SQL injection vulnerability in Hive
> ---------------------------------------------------------
>
>                 Key: HIVE-16035
>                 URL: https://issues.apache.org/jira/browse/HIVE-16035
>             Project: Hive
>          Issue Type: Bug
>          Components: Hive
>            Reporter: Vihang Karajgaonkar
>            Assignee: Vihang Karajgaonkar
>
> Some of the queries in ObjectStore and MetastoreDirectSql classes append Strings variables
directly to the query text. This JIRA is to investigate the possible vulnerabilities and fix
them using parameterized queries.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message