VYPR

Doris

by Apache

CVEs (4)

  • CVE-2024-48019 | Feb 4, 2025
    risk 0.00 | cvss | epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris. Application administrators can read arbitrary files from the server filesystem through path traversal. Users are…

  • CVE-2024-27438 | Mar 21, 2024
    risk 0.00 | cvss | epss 0.01

    Download of Code Without Integrity Check vulnerability in Apache Doris. The JDBC driver files used for the JDBC catalog are not checked, which may result in remote command execution. Once the attacker is authorized to create a JDBC catalog, he/she can use arbitrary driver jar file…

  • CVE-2024-26307 | Mar 21, 2024
    risk 0.00 | cvss | epss 0.00

    Possible race condition vulnerability in Apache Doris. Some of the code uses the `chmod()` method. This method runs the risk of someone renaming the file out from under the user and chmodding the wrong file. This could theoretically happen, but the impact would be minimal. This issue…

  • CVE-2023-41313 | Mar 12, 2024
    risk 0.00 | cvss | epss 0.01

    The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue.