Apache Doris
6 CVEs affecting Apache Doris. Latest disclosed: 2025-02-04. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-27438 | Critical | 9.8 | 2024-03-21 | Download of Code Without Integrity Check vulnerability in Apache Doris. The JDBC driver files used for the JDBC catalog are not checked and may result in remote… |
| CVE-2023-41313 | Critical | 9.8 | 2024-03-12 | The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8… |
| CVE-2023-41314 | High | 8.2 | 2023-12-18 | The APIs /api/snapshot and /api/get_log_file would allow unauthenticated access. This could allow a DoS attack or retrieval of arbitrary files from the FE node. Please upgrade… |
| CVE-2022-23942 | High | 7.5 | 2022-04-26 | Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure. |
| CVE-2024-48019 | Medium | 5.4 | 2025-02-04 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Dor… |
| CVE-2024-26307 | Medium | 5.3 | 2024-03-21 | Possible race condition vulnerability in Apache Doris. Some of the code uses the `chmod()` method. This method runs the risk of someone renaming the file out from unde… |