High severity · NVD Advisory · Published Apr 5, 2022 · Updated Aug 3, 2024
Pinot segment push endpoint has a vulnerability in unprotected environments
CVE-2022-23974
Description
In Apache Pinot 0.9.3 and older versions, the segment upload path allowed segment directories to be imported into Pinot tables. In Pinot installations that allow open access to the controller, a specially crafted request can potentially be exploited to cause disruption in the Pinot service. Pinot release 0.10.0 fixes this. See https://docs.pinot.apache.org/basics/releases/0.10.0
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.pinot:pinot (Maven) | < 0.10.0 | 0.10.0 |
Affected products
- Apache Software Foundation/Apache Pinot · v5 · Range: Apache Pinot
References
- github.com/advisories/GHSA-29f8-q7mf-7cqj (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-23974 (ghsa, ADVISORY)
- docs.pinot.apache.org/basics/releases/0.10.0 (ghsa, WEB)
- github.com/apache/pinot/pull/7969 (ghsa, WEB)
- lists.apache.org/thread/3dk8pf1n02p8oj2j3czbtchyjsf8khwr (ghsa, x_refsource_MISC, WEB)