CVE-2022-41137

CVSS 3.1 Score 8.3 of 10 (high)

Details

Published Dec 5, 2024
CWE ID 502

Summary

CVE-2022-41137 is a remote code execution (RCE) vulnerability affecting Apache Hive Metastore (HMS). The issue arises from insecure deserialization of data through the method SerializationUtilities#deserializeObjectWithTypeInformation during partition filtering and fetching. The vulnerability can be exploited by authenticated users or clients who have successfully connected to the Metastore. From an API standpoint, any code that calls the unsafe method is susceptible to this vulnerability unless it performs rigorous input validation checks beforehand.
