Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
ApachePinot*

3 matches found

CVE
CVEadded 2025/04/01 9:15 a.m.524 views

CVE-2024-56325

Authentication Bypass Issue If the path does not contain / and contain., authentication is not required. Expected Normal Request and Response Example curl -X POST -H "Content-Type: application/json" -d {"username":"hack2","password":"hack","component":"CONTROLLER","role":"ADMIN","tables":[],"permis...

9.8CVSS9.7AI score0.05777EPSS
Web
CVE
CVEadded 2022/04/05 8:15 p.m.112 views

CVE-2022-23974

In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot service. Pinot release 0...

7.5CVSS7.4AI score0.03726EPSS
CVE
CVEadded 2022/09/23 8:15 a.m.60 views

CVE-2022-26112

In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See https://docs.pin...

9.8CVSS9.4AI score0.00358EPSS