Vulnerabilities > Apache > Pinot > High

DATE CVE VULNERABILITY TITLE RISK
2024-07-24 CVE-2024-39676 Unspecified vulnerability in Apache Pinot
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details:  When using a request to path “/appconfigs” to the controller, it can lead to the disclosure of sensitive information such as system information (e.g.
network
low complexity
apache
7.5
2022-04-05 CVE-2022-23974 Uncontrolled Recursion vulnerability in Apache Pinot
In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables.
network
low complexity
apache CWE-674
7.5