Product
apache doris
6 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2024-48019
CVE-2024-27438
CVE-2024-26307
CVE-2023-41313
CVE-2023-41314
CVE-2022-23942
>= 2.1.0 and < 2.1.8
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Partie
>= 1.2.0 and < 2.0.5
Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked
< 1.2.8
Possible race condition vulnerability in Apache Doris. Some of code using chmod() method. This method run the risk of someone re
< 1.2.8
The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade
< 2.0.3
The api /api/snapshot and /api/get_log_file would allow unauthenticated access. It could allow a DoS attack or get arbitrary file
< 1.0.0
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to infor