All 4 CVE vulnerabilities found in Apache Pinot, with AI-generated Chinese analysis, references, and POCs.
Vendor: Apache Software Foundation
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-56325 | Apache Pinot: Authentication bypass issue. If the path does not contain / and contain . authentication is not required CWE-288 | 9.8AI | CriticalAI | 2025-04-01 |
| CVE-2024-39676 | Apache Pinot: Unauthorized endpoint exposed sensitive information CWE-200 | 5.3AI | MediumAI | 2024-07-24 |
| CVE-2022-26112 | Pinot query endpoint and the realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support | 9.8 | - | 2022-09-23 |
| CVE-2022-23974 | Pinot segment push endpoint has a vulnerability in unprotected environments CWE-674 | 7.5 | - | 2022-04-05 |
All 4 known CVE vulnerabilities affecting Apache Pinot with full Chinese analysis, references, and POCs where available.