org.apache.pinot:pinot-flink-connector (>=1.0.0 <=1.2.0), org.apache.pinot:pinot-minion-builtin-tasks (>=1.0.0 <=1.2.0) +1 more potentially affected by CVE-2024-56325 via org.apache.pinot:pinot-controller (>=1.0.0 <=1.2.0)

org.apache.pinot:pinot-controller MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.0 Source cves: CVE-2024-56325 Source advisory: SNYK:JAVA-ORGAPACHEPINOT-9637840...

org.apache.pinot:pinot-distribution (>=0.1.0 <=0.9.3), org.apache.pinot:pinot-flink-connector (>=1.0.0 <=1.2.0) +6 more potentially affected by CVE-2024-56325 via org.apache.pinot:pinot-controller (>=0.1.0 <=1.2.0)

org.apache.pinot:pinot-controller MAVEN version =0.1.0, =0.1.0, =1.0.0, =0.9.0, =0.1.0, =0.8.0, =0.8.0, =0.1.0, =0.1.0, =0.9.3 Source cves: CVE-2024-56325 Source advisory: OSV:GHSA-6JWP-4WVJ-6597...

org.apache.pinot:pinot-distribution (>=0.1.0 <=0.9.3), org.apache.pinot:pinot-integration-test-base (>=0.9.0 <=0.9.3) +3 more potentially affected by CVE-2024-56325 via org.apache.pinot:pinot-broker (>=0.1.0 <=0.9.3)

org.apache.pinot:pinot-broker MAVEN version =0.1.0, =0.1.0, =0.9.0, =0.1.0, =0.1.0, =0.1.0, =0.9.3 Source cves: CVE-2024-56325 Source advisory: OSV:GHSA-6JWP-4WVJ-6597...

com.navercorp.pinpoint:pinpoint-batch (>=3.0.0 <=3.0.5), com.navercorp.pinpoint:pinpoint-collector-starter (>=3.0.0 <=3.0.5) +65 more potentially affected by CVE-2024-56325 via org.apache.pinot:pinot-common (>=0.1.0 <=1.2.0)

org.apache.pinot:pinot-common MAVEN version =0.1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.1, =3.0.1, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =2024.4.0, =2025.1.1 and more Source cves: CVE-2024-56325 Source advisory: OSV:GHSA-6JWP-4WVJ-6597...

CVE-2024-56325

Authentication Bypass Issue If the path does not contain / and contain., authentication is not required. Expected Normal Request and Response Example curl -X POST -H "Content-Type: application/json" -d...

CVE-2024-56325

Authentication Bypass Issue If the path does not contain / and contain., authentication is not required. Expected Normal Request and Response Example curl -X POST -H "Content-Type: application/json" -d...

CVE-2024-56325

Apache Pinot

CVE-2024-56325 Apache Pinot: Authentication bypass issue. If the path does not contain / and contain . authentication is not required

Authentication Bypass Issue If the path does not contain / and contain., authentication is not required. Expected Normal Request and Response Example curl -X POST -H "Content-Type: application/json" -d...

CVE-2025-56325

creationtimestamp| type| source ---|---|--- 2025-03-28 15:04:18+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3llh3la3n222m...

CVE-2024-56325

creationtimestamp| type| source ---|---|--- 2025-03-03 05:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-25-109/ 2025-03-04 11:00:09+00:00| seen| https://infosec.exchange/users/vuldb/statuses/114103812642418026 2025-03-11 03:21:18+00:00| seen|...