Apache Doris

By the Year

In 2024 there have been 0 vulnerabilities in Apache Doris. Last year Doris had 1 security vulnerability published. Right now, Doris is on track to have fewer security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 1 8.20
2022 1 7.50
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Doris vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Apache Doris Security Vulnerabilities

The /api/snapshot and /api/get_log_file APIs would allow unauthenticated access

CVE-2023-41314 8.2 - High - December 18, 2023

The /api/snapshot and /api/get_log_file APIs would allow unauthenticated access. This could allow a DoS attack or retrieval of arbitrary files from the FE node. Please upgrade to 2.0.3 to fix these issues.

AuthZ

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for LDAP password

CVE-2022-23942 7.5 - High - April 26, 2022

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure.

Use of Hard-coded Credentials
