{"id":"CVE-2016-0760","details":"Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions.","modified":"2026-04-10T03:46:51.537871Z","published":"2016-08-19T21:59:03.417Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/92328"},{"type":"ADVISORY","url":"http://mail-archives.apache.org/mod_mbox/sentry-dev/201608.mbox/%3CCACMN7ixDqDyOZGLEvsMUVHBiJ6crq8zdy%2B2mNfRooNhnk7CJ1g%40mail.gmail.com%3E"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/sentry","events":[{"introduced":"0"},{"last_affected":"d9ee8ade724d7ecc7433517bfb769da2cd002b0b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.5.1"}]}}],"versions":["release-1.5.0-rc0","release-1.5.0-rc1","release-1.5.1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.6.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-0760.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}