How severe is CVE-2022-41137?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.3 out of 10.

What type of vulnerability is CVE-2022-41137?

This is classified as CWE-502, which is a common weakness in software security.

CVE-2022-41137 - HIGH Severity | CVSS 8.3

Vulnerability Description

Apache Hive Metastore (HMS) uses SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution (RCE) since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be exploited only by authenticated users/clients that were able to successfully establish a connection to the Metastore. From an API perspective any code that calls the unsafe method may be vulnerable unless it performs additional prerechecks on the input arguments.

Related Vulnerabilities

CVE-2024-39636

HIGH

CVSS:8.3(High)

Deserialization of Untrusted Data vulnerability in CodeSolz Better Find and Replace.This issue affects Better Find and Replace: from n/a through 1.6.1.

CWE-5022024

CVE-2018-9474

HIGH

CVSS:8.4(High)

In writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional e...

CWE-5022018

CVE-2024-49063

HIGH

CVSS:8.4(High)

Microsoft/Muzic Remote Code Execution Vulnerability

CWE-5022024

CVE-2025-30284

HIGH

CVSS:8.4(High)

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current u...

CWE-5022025

CVE-2025-30285

HIGH

CVSS:8.4(High)

CWE-5022025

CVE-2017-2295

HIGH

CVSS:8.2(High)

Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in...

CWE-5022017