CVE-2022-23974

Summary

In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot service. Pinot release 0.10.0 fixes this. See https://docs.pinot.apache.org/basics/releases/0.10.0

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache PinotApache Pinot <= 0.9.3affected

Weaknesses

  • CWE-674: CWE-674 Uncontrolled Recursion

ADP Enrichment

CVE Program Container

Additional References

References