This content is viewable by Everyone

Mandiant Reports Two Apache Vulnerabilities

An irrelevant code vulnerability exists within the example DAGs in Apache Airflow 2.3.4 and earlier that, when exploited, allows a remote attacker to execute arbitrary commands. Proof-of-concept (PoC) code is publicly available.
 

In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support.

For a complete description of the vulnerabilities and affected systems go to:

IT Security

Read more about IT Security service offerings.