Filtered by vendor Apache
Subscriptions
Filtered by product Doris
Subscriptions
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-41314 | 1 Apache | 1 Doris | 2023-12-22 | 8.2 High |
The api /api/snapshot and /api/get_log_file would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade to 2.0.3 to fix these issues. | ||||
CVE-2022-23942 | 1 Apache | 1 Doris | 2022-05-06 | 7.5 High |
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure. |
Page 1 of 1.