Open vpriyam opened 1 week ago
https://www.opencve.io/cve/CVE-2024-32002
https://www.opencve.io/cve/CVE-2020-19726
https://www.opencve.io/cve/CVE-2022-47695
https://www.opencve.io/cve/CVE-2023-47038
https://www.opencve.io/cve/CVE-2022-2000
https://www.opencve.io/cve/CVE-2022-2042
https://www.opencve.io/cve/CVE-2023-4733
https://www.opencve.io/cve/CVE-2023-4735
https://www.opencve.io/cve/CVE-2023-4750
https://www.opencve.io/cve/CVE-2023-4751
https://www.opencve.io/cve/CVE-2023-4752
https://www.opencve.io/cve/CVE-2023-4781
https://www.opencve.io/cve/CVE-2023-5535
https://www.opencve.io/cve/CVE-2022-44840
https://www.opencve.io/cve/CVE-2022-45703
https://www.opencve.io/cve/CVE-2024-22667
https://www.opencve.io/cve/CVE-2022-1897
https://www.opencve.io/cve/CVE-2022-3510
https://www.opencve.io/cve/CVE-2022-3171
https://www.opencve.io/cve/CVE-2022-3509
https://www.opencve.io/cve/CVE-2021-46174
https://www.opencve.io/cve/CVE-2023-2976
altogether 22 CVEs: 1x 9.0/10 Critical, 1x 8.8/10 High, 15x 7.8/10 High, 4x 7.5/10 High, 1x 7.1/10 High
Next time one should follow https://github.com/apache/pinot/security
The question is: how can these partly relatively old CVEs with high severity remain in master?
Do we have any ideas for approaches to how we can fine-tune our processes to prevent this or lower the number?
Maybe of interest: comments in https://github.com/apache/pinot/issues/12341#issuecomment-2183461835
Please may I know the SLA to get a fixable version for these vulnerabilities?
If you are using the paid Pinot offer from StarTree, maybe you can contact their support directly. Otherwise, well... I'm afraid there is no SLA. Everybody would like this to be fixed. It's open source; everyone can contribute...
I have scanned the following image and found some vulnerabilities. This is from the master branch:
apachepinot/pinot:1.2.0-SNAPSHOT-ddce06f9cc-20240620-17-ms-openjdk
Below are the critical and high vulnerabilities:
https://www.cve.org/CVERecord?id=CVE-2024-32002
https://www.cve.org/CVERecord?id=CVE-2020-19726
https://www.cve.org/CVERecord?id=CVE-2022-47695
https://www.cve.org/CVERecord?id=CVE-2023-47038
https://www.cve.org/CVERecord?id=CVE-2022-2000
https://www.cve.org/CVERecord?id=CVE-2022-2042
https://www.cve.org/CVERecord?id=CVE-2023-4733
https://www.cve.org/CVERecord?id=CVE-2023-4735
https://www.cve.org/CVERecord?id=CVE-2023-4750
https://www.cve.org/CVERecord?id=CVE-2023-4751
https://www.cve.org/CVERecord?id=CVE-2023-4752
https://www.cve.org/CVERecord?id=CVE-2023-4781
https://www.cve.org/CVERecord?id=CVE-2023-5535
https://www.cve.org/CVERecord?id=CVE-2022-44840
https://www.cve.org/CVERecord?id=CVE-2022-45703
https://www.cve.org/CVERecord?id=CVE-2024-22667
https://www.cve.org/CVERecord?id=CVE-2022-1897
https://www.cve.org/CVERecord?id=CVE-2022-3510
https://www.cve.org/CVERecord?id=CVE-2022-3171
https://www.cve.org/CVERecord?id=CVE-2022-3509
https://www.cve.org/CVERecord?id=CVE-2021-46174
https://www.cve.org/CVERecord?id=CVE-2023-2976
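The thread asks how scan findings like the list above can be kept out of master and whether a fixed version exists for each one. One process answer is to turn the image scan into a CI gate: flatten the scanner's report, tally it by CVSS score and severity the way the opening comment does, and fail the build only on findings that have a fixed version, while tracking the rest separately. The script below is an added example and is not code from this issue or from the Apache Pinot project; it assumes a report in the JSON layout that Trivy's `--format json` emits, and the embedded report is a constructed sample with placeholder CVE IDs, packages and scores, not the findings reported in this thread.

```python
import json
from collections import Counter

# Constructed sample report, shaped like Trivy's `--format json` output (assumed layout).
# The CVE IDs, package names and scores are placeholders, not the findings from this issue.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "example/image:1.2.0-SNAPSHOT",
    "Results": [
        {
            "Target": "example/image (debian 12)",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libplaceholder",
                 "Severity": "CRITICAL", "InstalledVersion": "1.0", "FixedVersion": "1.1",
                 "CVSS": {"nvd": {"V3Score": 9.0}}},
                {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libplaceholder",
                 "Severity": "HIGH", "InstalledVersion": "1.0", "FixedVersion": "1.1",
                 "CVSS": {"nvd": {"V3Score": 7.8}}},
                {"VulnerabilityID": "CVE-0000-0003", "PkgName": "othertool",
                 "Severity": "HIGH", "InstalledVersion": "2.3", "FixedVersion": "",
                 "CVSS": {"nvd": {"V3Score": 7.5}}},
                {"VulnerabilityID": "CVE-0000-0004", "PkgName": "othertool",
                 "Severity": "MEDIUM", "InstalledVersion": "2.3", "FixedVersion": "2.4",
                 "CVSS": {"nvd": {"V3Score": 5.3}}},
            ],
        },
        {
            "Target": "Java",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0005", "PkgName": "com.example:placeholder-lib",
                 "Severity": "HIGH", "InstalledVersion": "3.0.0", "FixedVersion": "3.0.1",
                 "CVSS": {"nvd": {"V3Score": 7.8}}},
            ],
        },
    ],
})


def load_findings(report_json):
    """Flatten a Trivy-style JSON report into one record per vulnerability."""
    report = json.loads(report_json)
    findings = []
    for result in report.get("Results", []):
        # "Vulnerabilities" may be absent or null for a clean target.
        for vuln in result.get("Vulnerabilities") or []:
            score = vuln.get("CVSS", {}).get("nvd", {}).get("V3Score")
            findings.append({
                "id": vuln["VulnerabilityID"],
                "target": result.get("Target", ""),
                "pkg": vuln.get("PkgName", ""),
                "severity": vuln.get("Severity", "UNKNOWN").upper(),
                "score": score,                       # None when NVD has not scored it yet
                "fixed": vuln.get("FixedVersion") or None,  # None = no upstream fix yet
            })
    return findings


def summarize(findings):
    """Tally findings by (score, severity) and render them like the one-line summary in the issue."""
    counts = Counter((f["score"], f["severity"]) for f in findings)
    ordered = sorted(counts.items(), key=lambda kv: (-(kv[0][0] or 0), kv[0][1]))
    parts = [f"{n}x {score}/10 {severity.capitalize()}" for (score, severity), n in ordered]
    return f"altogether {len(findings)} CVEs: " + " ".join(parts)


def gate(findings, min_score=7.0):
    """Findings that should fail the build: CVSS >= min_score and a fixed version is available."""
    blocking = [f for f in findings if (f["score"] or 0) >= min_score and f["fixed"]]
    return sorted(blocking, key=lambda f: -f["score"])


def unfixed(findings, min_score=7.0):
    """High-scoring findings with no fixed version yet: track them, but they cannot block a build."""
    return [f for f in findings if (f["score"] or 0) >= min_score and not f["fixed"]]


if __name__ == "__main__":
    found = load_findings(SAMPLE_REPORT)
    print(summarize(found))
    for f in gate(found):
        print(f'BLOCK {f["id"]} {f["pkg"]} {f["score"]} -> upgrade to {f["fixed"]}')
    for f in unfixed(found):
        print(f'TRACK {f["id"]} {f["pkg"]} {f["score"]} (no fixed version yet)')
    raise SystemExit(1 if gate(found) else 0)
```

Separating "fixable" from "no fix yet" is the point of the gate: a build should only fail on something a dependency bump can actually resolve, while findings without a fixed version go to a tracking list so they are not silently forgotten. Feed it a real report with `trivy image --format json <image> > report.json` and load that file instead of the embedded sample.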