Piotr Findeisen created HIVE-22073:
--------------------------------------

             Summary: SQL Injection in TxnHandler#enqueueLockWithRetry
                 Key: HIVE-22073
                 URL: https://issues.apache.org/jira/browse/HIVE-22073
             Project: Hive
          Issue Type: Bug
    Affects Versions: 3.1.1
            Reporter: Piotr Findeisen


The {{org.apache.hadoop.hive.metastore.txn.TxnHandler#enqueueLockWithRetry}} method gets called for the Thrift {{lock}} API call with input passed from the user.

Within that method, SQL injection is possible:

[https://github.com/apache/hive/blob/774a8ef7a6e92c8a43cad2fa66bd944e666f75f0/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/txn/TxnHandler.java#L1987-L1991]

for example, when a partition name contains an apostrophe.

Impact:
 * vulnerability: privilege escalation possible
 * availability: user cannot query ACID table where string/varchar partition key contains an apostrophe

--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
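
Added example, not part of the original report and not Hive's code: a Python/SQLite stand-in for a lock-enqueue insert, showing how a partition name containing an apostrophe breaks a statement built by string concatenation while a bound parameter stores it verbatim. The `demo_locks` table, the function names and the partition values are constructed for illustration.

```python
import sqlite3

# Constructed stand-in for a metastore lock table; not Hive's real schema.
SCHEMA = """CREATE TABLE demo_locks (
    lock_id INTEGER PRIMARY KEY,
    db_name TEXT NOT NULL,
    table_name TEXT,
    partition_name TEXT)"""


def open_db():
    """Fresh in-memory database holding only the demo table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def enqueue_concat(conn, lock_id, db, table, partition):
    """'Before' form: caller-supplied strings are spliced into the SQL text."""
    sql = ("INSERT INTO demo_locks VALUES (" + str(lock_id) + ", '" + db +
           "', '" + table + "', '" + partition + "')")
    conn.execute(sql)


def enqueue_bound(conn, lock_id, db, table, partition):
    """Hardened form: values travel as bind parameters, never as SQL text."""
    conn.execute("INSERT INTO demo_locks VALUES (?, ?, ?, ?)",
                 (lock_id, db, table, partition))


def try_enqueue(fn, partition):
    """Return (succeeded, stored partition name or None) for one lock request."""
    conn = open_db()
    try:
        fn(conn, 1, "sales", "orders", partition)
    except sqlite3.Error:
        # The apostrophe ended the string literal early, so the statement
        # no longer parses and the lock request fails.
        return (False, None)
    row = conn.execute("SELECT partition_name FROM demo_locks").fetchone()
    return (True, row[0])


if __name__ == "__main__":
    for name in ("city=Boston", "city=O'Hare"):  # constructed partition names
        print(name, try_enqueue(enqueue_concat, name),
              try_enqueue(enqueue_bound, name))
```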
