Apache Doris

6 CVEs affecting Apache Doris. Latest disclosed: 2025-02-04. Critical: 2, High: 2.

Top CVEs affecting Apache Doris
CVESeverityScorePublishedSummary
CVE-2024-27438Critical9.82024-03-21Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked and may resulting in remote…
CVE-2023-41313Critical9.82024-03-12The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8…
CVE-2023-41314High8.22023-12-18The api /api/snapshot and /api/get_log_file would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade…
CVE-2022-23942High7.52022-04-26Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.
CVE-2024-48019Medium5.42025-02-04Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Dor…
CVE-2024-26307Medium5.32024-03-21Possible race condition vulnerability in Apache Doris. Some of code using `chmod()` method. This method run the risk of someone renaming the file out from unde…