[jira] [Created] (SPARK-24542) Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to access arbitrary files

Xiao Li (JIRA) Tue, 12 Jun 2018 23:36:11 -0700

Xiao Li created SPARK-24542:
-------------------------------

             Summary: Hive UDF series UDFXPathXXXX allow users to pass 
carefully crafted XML to access arbitrary files
                 Key: SPARK-24542
                 URL: https://issues.apache.org/jira/browse/SPARK-24542
             Project: Spark
          Issue Type: New Feature
          Components: SQL
    Affects Versions: 2.3.1, 2.2.1, 2.1.2, 2.0.2
            Reporter: Xiao Li
            Assignee: Xiao Li



Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to 
access arbitrary files. Spark does not have built-in access control. When users 
use the external access control library, users might bypass them and access the 
file contents. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org

[jira] [Created] (SPARK-24542) Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to access arbitrary files

Reply via email to