oss-sec mailing list archives
CVE-2022-23974: Apache Pinot: Pinot segment push endpoint has a vulnerability in unprotected environments
From: Subbu Subramaniam <mcvsubbu () apache org>
Date: Tue, 05 Apr 2022 15:54:48 +0000
Description: In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot service. Pinot release 0.10.0 fixes this. See https://docs.pinot.apache.org/basics/releases/0.10.0 Credit: Apache Pinot would like to thank bubblegumkk () qq com, Kuiplatain@knownsec and FA1C0N@RPO_OFFICIAL for reporting the issue
Current thread:
- CVE-2022-23974: Apache Pinot: Pinot segment push endpoint has a vulnerability in unprotected environments Subbu Subramaniam (Apr 05)