CVE-2022-23974
Logic error in Apache Pinot
CVSS 3.1 base score: 7.5 (HIGH)
EPSS: 3.2%
Description
In Apache Pinot 0.9.3 and older versions, the segment upload path allowed segment directories to be imported into Pinot tables. In Pinot installations that allow open access to the controller, a specially crafted request can potentially be exploited to cause disruption of the Pinot service. Pinot release 0.10.0 fixes this. See https://docs.pinot.apache.org/basics/releases/0.10.0
How to fix CVE-2022-23974
To remediate CVE-2022-23974, upgrade the affected package to a fixed version:
- Upgrade Apache Pinot to 0.10.0 or later
Is CVE-2022-23974 being exploited?
Low — EPSS is 3.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Apache Pinot: versions >= 0 and < 0.10.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.5) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |