cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-39676,https://securityvulnerability.io/vulnerability/CVE-2024-39676,Apache Pinot vulnerability: Sensitive Information Disclosure Due to Inadequate Access Control,"Apache Pinot contains a vulnerability that exposes sensitive information to unauthorized users. Specifically, when a request is made to the '/appconfigs' path on the controller, critical system and environment data is revealed, including architecture details, operating system version, maximum heap size, and crucial Pinot configurations like the Zookeeper path. To mitigate this vulnerability, users are strongly encouraged to upgrade to version 1.0.0 and implement Role-based Access Control (RBAC) to restrict access to the '/appconfigs' endpoint and other associated APIs. Properly configuring RBAC ensures that only authorized personnel can view sensitive data, thereby enhancing the security of the Apache Pinot deployment.",Apache,Apache Pinot,7.5,HIGH,0.0005699999746866524,false,,false,false,false,,,false,false,,2024-07-24T07:41:09.856Z,0
CVE-2022-38649,https://securityvulnerability.io/vulnerability/CVE-2022-38649,Apache Airflow Pinot provider allowed Command Injection,"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version.",Apache,"Apache Airflow Pinot Provider,Apache Airflow",9.8,CRITICAL,0.012280000373721123,false,,false,false,false,,,false,false,,2022-11-22T00:00:00.000Z,0
CVE-2022-26112,https://securityvulnerability.io/vulnerability/CVE-2022-26112,Pinot query endpoint and the realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support,"In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0",Apache,Apache Pinot,9.8,CRITICAL,0.002850000048056245,false,,false,false,false,,,false,false,,2022-09-23T08:05:13.000Z,0
CVE-2022-23974,https://securityvulnerability.io/vulnerability/CVE-2022-23974,Pinot segment push endpoint has a vulnerability in unprotected environments,In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot service. Pinot release 0.10.0 fixes this. See https://docs.pinot.apache.org/basics/releases/0.10.0,Apache,Apache Pinot,7.5,HIGH,0.0007800000021234155,false,,false,false,false,,,false,false,,2022-04-05T19:55:08.000Z,0