VYPR

Maven package

org.apache.pinot/pinot-controller

pkg:maven/org.apache.pinot/pinot-controller

Vulnerabilities (2)

  • CVE-2024-56325Apr 1, 2025
    affected < 1.3.0fixed 1.3.0

    Authentication Bypass Issue If the path does not contain / and contain., authentication is not required. Expected Normal Request and Response Example curl -X POST -H "Content-Type: application/json" -d {\"username\":\"hack2\",\"password\":\"hack\",\"component\":\"CONTROLLER\",

  • CVE-2024-39676Jul 24, 2024
    affected >= 0.1, < 1.0.0fixed 1.0.0

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details:  When using a request to pat