CVE-2022-23974

HIGH

Apache Pinot <0.9.3 - DoS

Title source: llm

Description

In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot service. Pinot release 0.10.0 fixes this. See https://docs.pinot.apache.org/basics/releases/0.10.0

References (1)

[Mailing List, Release Notes, Vendor Advisory] https://lists.apache.org/thread/3dk8pf1n02p8oj2j3czbtchyjsf8khwr

Scores

CVSS v3 7.5

EPSS 0.0323

EPSS Percentile 87.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-674

Status published

Products (2)

apache/pinot < 0.10.0

org.apache.pinot/pinot 0 - 0.10.0Maven

Published Apr 05, 2022

Tracked Since Feb 18, 2026