4 matches found
CVE-2024-56325
Apache Pinot
CVE-2022-23974
CVE-2022-23974 affects Apache Pinot 0.9.3 and older: the segment upload path allowed importing segment directories into Pinot tables in environments where the controller is openly accessible. The issue can be exploited by a specially crafted request to disrupt Pinot service. Remediation: upgrade ...
CVE-2024-39676
CVE-2024-39676 affects Apache Pinot (versions 0.1 up to, but not including, 1.0.0). The vulnerability arises from exposing sensitive information via the /appconfigs endpoint due to insufficient access controls. Exploitation could disclose system details (arch, OS version), environment info (maxHe...
CVE-2022-26112
CVE-2022-26112 affects Apache Pinot 0.10.0 and earlier, where Groovy function support is enabled by default in the Pinot query endpoint and realtime ingestion layer, causing a vulnerability in unprotected environments. The issue is mitigated by disabling Groovy support by default beginning with P...