Apache Hive through version 2.3.2 is vulnerable to SQL injection in the JDBC driver due to improper input sanitization in jdbc/HivePreparedStatement.java. External References: https://lists.apache.org/thread.html/74bd2bff1827febb348dfb323986fa340d3bb97a315ab93c3ccc8299@%3Cdev.hive.apache.org%3E Upstream Issue: https://issues.apache.org/jira/browse/HIVE-18788 Upstream Patches: https://issues.apache.org/jira/secure/attachment/12911779/HIVE-18788.1.patch https://issues.apache.org/jira/secure/attachment/12911868/HIVE-18788.2.patch https://issues.apache.org/jira/secure/attachment/12911921/HIVE-18788.3.patch https://issues.apache.org/jira/secure/attachment/12912687/HIVE-18788.3-branch-2.3.patch
Created hive tracking bugs for this issue: Affects: fedora-all [bug 1564362]