In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot service. Pinot release 0.10.0 fixes this. See https://docs.pinot.apache.org/basics/releases/0.10.0
References
Link | Resource |
---|---|
https://lists.apache.org/thread/3dk8pf1n02p8oj2j3czbtchyjsf8khwr | Mailing List Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2022-04-05T19:55:08
Updated: 2022-04-05T19:55:08
Reserved: 2022-01-26T00:00:00
Link: CVE-2022-23974
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-04-05T20:15:08.303
Modified: 2022-04-15T15:19:22.853
Link: CVE-2022-23974
JSON object: View
Redhat Information
No data.
CWE