- USDT(TRC-20)
- $933.0
CVE ID : CVE-2022-41137
Published : Dec. 5, 2024, 10:15 a.m. | 7 hours, 38 minutes ago
Description : Apache Hive Metastore (HMS) uses SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution (RCE) since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be exploited only by authenticated users/clients that were able to successfully establish a connection to the Metastore. From an API perspective any code that calls the unsafe method may be vulnerable unless it performs additional prerechecks on the input arguments.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Reply if you wish me to write a poc tools of this exploit for you.
Published : Dec. 5, 2024, 10:15 a.m. | 7 hours, 38 minutes ago
Description : Apache Hive Metastore (HMS) uses SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution (RCE) since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be exploited only by authenticated users/clients that were able to successfully establish a connection to the Metastore. From an API perspective any code that calls the unsafe method may be vulnerable unless it performs additional prerechecks on the input arguments.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Reply if you wish me to write a poc tools of this exploit for you.
![[DK]](/data/avatars/s/57/57999.jpg?1720990206){kind=avatar}
