CVE-2022-23974

HIGH

Apache Pinot < 0.10.0 - Denial of Service via Segment Upload Path

Title source: llm
STIX 2.1

Description

In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot service. Pinot release 0.10.0 fixes this. See https://docs.pinot.apache.org/basics/releases/0.10.0

References (1)

Core 1
Core References
Mailing List, Release Notes, Vendor Advisory x_refsource_misc
https://lists.apache.org/thread/3dk8pf1n02p8oj2j3czbtchyjsf8khwr

Scores

CVSS v3 7.5
EPSS 0.0194
EPSS Percentile 77.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-674
Status published
Products (2)
apache/pinot < 0.10.0
org.apache.pinot/pinot 0 - 0.10.0Maven
Published Apr 05, 2022
Tracked Since Feb 18, 2026