Lucene search
ApacheCVELIST:CVE-2024-26307HistoryMar 21, 2024 - 9:38 a.m.
CVE-2024-26307 Apache Doris: Possible race condition
2024-03-2109:38:19
CWE-362
apache
www.cve.org
apache doris
race condition
vulnerability
chmod method
upgrade
cve-2024-26307
Possible race condition vulnerability in Apache Doris.
Some of code using chmod() method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file.
This could theoretically happen, but the impact would be minimal.
This issue affects Apache Doris: before 1.2.8, before 2.0.4.
Users are recommended to upgrade to version 2.0.4, which fixes the issue.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache Doris",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.2.8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2.0.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
cve
cve
CVE-2024-26307
2024-03-21 10:15:07
cnvd
cnvd
Apache Doris Security Bypass Vulnerability
2024-03-26 00:00:00
nvd
nvd
CVE-2024-26307
2024-03-21 10:15:07