CVE-2022-23974 is a vulnerability in Apache Pinot
Published on April 5, 2022

Pinot segment push endpoint has a vulnerability in unprotected environments
In Apache Pinot 0.9.3 and older versions, the segment upload path allowed segment directories to be imported into Pinot tables. In Pinot installations that allow open access to the controller, a specially crafted request can potentially be exploited to cause disruption in the Pinot service. Pinot release 0.10.0 fixes this. See https://docs.pinot.apache.org/basics/releases/0.10.0

NVD

Weakness Type

What is a Stack Exhaustion Vulnerability?

The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.

CVE-2022-23974 has been classified as a Stack Exhaustion vulnerability or weakness.


Products Associated with CVE-2022-23974


Affected Versions

Apache Software Foundation Apache Pinot:

Exploit Probability

EPSS: 3.73%
Percentile: 87.76%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.