CVE-2022-41137
CVSS 3.1 Score 8.3 of 10 (high)
Details
Published Dec 5, 2024
CWE ID 502
Summary
CVE-2022-41137 is a remote code execution (RCE) vulnerability affecting Apache Hive Metastore (HMS). The issue arises from insecure deserialization of data by the method SerializationUtilities#deserializeObjectWithTypeInformation during partition filtering and fetching. It can be exploited by authenticated users or clients who have successfully connected to the Metastore. From an API standpoint, any code that calls the unsafe method is susceptible unless it rigorously validates its input beforehand.