CVE-2022-23974

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-23974

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23974.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-23974

Aliases

GHSA-29f8-q7mf-7cqj

Published

2022-04-05T20:15:08Z

Modified

2024-09-02T21:36:41Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot service. Pinot release 0.10.0 fixes this. See https://docs.pinot.apache.org/basics/releases/0.10.0

References

https://lists.apache.org/thread/3dk8pf1n02p8oj2j3czbtchyjsf8khwr

Affected packages

Git / github.com/apache/pinot

Affected ranges

Type: GIT
Repo: https://github.com/apache/pinot
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

30c4635bfeee88f88aa9c9f63b93bcd4a650607f