PT-2022-10351 · Apache · Apache Hive

Hideyuki Furue · Published 2022-07-16 · Updated 2022-07-21 · CVE-2021-34538

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Apache Hive versions prior to 3.1.3

Description: The issue arises from the lack of the necessary authorization checks for the entities involved in the query during CREATE FUNCTION and DROP FUNCTION operations. This allows an unauthorized user to manipulate an existing UDF without the proper privileges, enabling them to drop and recreate UDFs that point to potentially malicious jars.

Recommendations: For versions prior to 3.1.3, update to version 3.1.3 or later to resolve the issue. As a temporary workaround, restrict the CREATE FUNCTION and DROP FUNCTION operations to authorized users only, and monitor UDF manipulations closely to minimize the risk of exploitation.
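As an added illustration of the "monitor UDF manipulations" workaround (this is example code written for this page, not part of the advisory or of Apache Hive), the script below scans constructed HiveServer2-style query log lines for CREATE/DROP FUNCTION statements, flags them against a hypothetical allowlist of UDF admins and an approved jar location, and reports functions that were dropped and then recreated. The log line format, the `UDF_ADMINS` set and the `APPROVED_JAR_PREFIX` path are assumptions to adapt to a real deployment.

```python
import re

# Constructed sample lines in the style of a HiveServer2 query/audit log; the exact
# line format is an assumption, so adapt LINE_RE to your deployment's log.
SAMPLE_LOG = """\
2022-07-16 10:01:02 user=analyst cmd=SELECT count(*) FROM sales
2022-07-16 10:02:10 user=analyst cmd=DROP FUNCTION finance.mask_ssn
2022-07-16 10:02:11 user=analyst cmd=CREATE FUNCTION finance.mask_ssn AS 'com.example.Mask' USING JAR 'hdfs:///tmp/upload/x.jar'
2022-07-16 10:05:00 user=udf_admin cmd=CREATE FUNCTION finance.hash_id AS 'com.corp.HashId' USING JAR 'hdfs:///apps/udf/approved.jar'
"""

# Hypothetical policy: who may manage UDFs and where approved jars live.
UDF_ADMINS = {"udf_admin"}
APPROVED_JAR_PREFIX = "hdfs:///apps/udf/"

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) user=(?P<user>\S+) cmd=(?P<cmd>.*)$")
FUNC_RE = re.compile(
    r"^\s*(?P<op>CREATE|DROP)\s+(?:TEMPORARY\s+)?FUNCTION\s+"
    r"(?:IF\s+(?:NOT\s+)?EXISTS\s+)?(?P<name>[\w.]+)", re.I)
JAR_RE = re.compile(r"USING\s+JAR\s+'(?P<jar>[^']+)'", re.I)

def find_udf_changes(log_text):
    """Return every CREATE/DROP FUNCTION as a dict with the policy violations it triggers."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        f = FUNC_RE.match(m["cmd"]) if m else None
        if not f:
            continue  # not a UDF management statement
        jar_m = JAR_RE.search(m["cmd"])
        jar = jar_m["jar"] if jar_m else None
        reasons = []
        if m["user"] not in UDF_ADMINS:
            reasons.append("user not in UDF admin allowlist")
        if jar and not jar.startswith(APPROVED_JAR_PREFIX):
            reasons.append("jar outside approved location")
        findings.append({"ts": m["ts"], "user": m["user"], "op": f["op"].upper(),
                         "name": f["name"].lower(), "jar": jar, "reasons": reasons})
    return findings

def replaced_functions(findings):
    """Names that were dropped and later recreated: the swap pattern the advisory describes."""
    dropped, replaced = set(), []
    for x in findings:
        if x["op"] == "DROP":
            dropped.add(x["name"])
        elif x["name"] in dropped:
            replaced.append(x["name"])
    return replaced
```

Run `find_udf_changes` over the real log and alert on any finding with a non-empty `reasons` list or on any name returned by `replaced_functions`.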

Fix

Missing Authentication


Weakness Enumeration

Related Identifiers

CVE-2021-34538
GHSA-V3P8-J597-3XG8

Affected Products

Apache Hive