{"id":"CVE-2022-23974","details":"In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot service. Pinot release 0.10.0 fixes this. See https://docs.pinot.apache.org/basics/releases/0.10.0","aliases":["GHSA-29f8-q7mf-7cqj"],"modified":"2026-04-12T04:41:37.093579Z","published":"2022-04-05T20:15:08.303Z","references":[{"type":"ADVISORY","url":"https://lists.apache.org/thread/3dk8pf1n02p8oj2j3czbtchyjsf8khwr"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/pinot","events":[{"introduced":"0"},{"fixed":"30c4635bfeee88f88aa9c9f63b93bcd4a650607f"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:apache:pinot:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"0.10.0"}]}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23974.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}