[jira] [Commented] (SPARK-24542) Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to access arbitrary files

Apache Spark (JIRA) Tue, 12 Jun 2018 23:40:09 -0700


    [ 
https://issues.apache.org/jira/browse/SPARK-24542?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16510687#comment-16510687
 ]


Apache Spark commented on SPARK-24542:
--------------------------------------

User 'gatorsmile' has created a pull request for this issue:
https://github.com/apache/spark/pull/21549

> Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to 
> access arbitrary files
> ------------------------------------------------------------------------------------------------
>
>                 Key: SPARK-24542
>                 URL: https://issues.apache.org/jira/browse/SPARK-24542
>             Project: Spark
>          Issue Type: New Feature
>          Components: SQL
>    Affects Versions: 2.0.2, 2.1.2, 2.2.1, 2.3.1
>            Reporter: Xiao Li
>            Assignee: Xiao Li
>            Priority: Major
>
> Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to 
> access arbitrary files. Spark does not have built-in access control. When 
> users use the external access control library, users might bypass them and 
> access the file contents. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org

[jira] [Commented] (SPARK-24542) Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to access arbitrary files

Reply via email to