Severity: important

Affected versions:

- Apache Doris 1.2.0 through 2.0.3

Description:

The api /api/snapshot and /api/get_log_file would allow unauthenticated access.
It could allow a DoS attack or get arbitrary files from FE node.
Please upgrade to 2.0.3 to fix these issues.

References:

https://doris.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-41314


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@doris.apache.org
For additional commands, e-mail: dev-h...@doris.apache.org

Reply via email to