Jeevi Reddy Gudibandi created HIVE-26791: --------------------------------------------
Summary: Applicability of CVE-2022-3171 on Hive exec Key: HIVE-26791 URL: https://issues.apache.org/jira/browse/HIVE-26791 Project: Hive Issue Type: Bug Components: Hive Reporter: Jeevi Reddy Gudibandi Applicability of CVE-2022-3171 on Hive Exec We are currently using hive-exec.jar - [https://mvnrepository.com/artifact/org.apache.hive/hive-exec/2.3.7] This jar contains, [ com.google|http://com.google/].protobuf v2.5.0 which has the vulnerability 'CVE 2022-3171'([https://nvd.nist.gov/vuln/detail/CVE-2022-3171]) Could you please let us know if this vulnerability is a false positive or affects the hive-exec jar v2.3.7 in any way? In case this vulnerability is applicable, can we have the fix ASAP -- This message was sent by Atlassian Jira (v8.20.10#820010)