Vulnerabilities > Apache > Pinot
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-24 | CVE-2024-39676 | Unspecified vulnerability in Apache Pinot Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path “/appconfigs” to the controller, it can lead to the disclosure of sensitive information such as system information (e.g. | 7.5 |
| 2022-09-23 | CVE-2022-26112 | Unspecified vulnerability in Apache Pinot In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. | 9.8 |
| 2022-04-05 | CVE-2022-23974 | Uncontrolled Recursion vulnerability in Apache Pinot In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. | 7.5 |