Apache · Apache Pinot · CVE-2022-23974
**Name of the Vulnerable Software and Affected Versions**
Apache Pinot versions 0.9.3 and earlier
**Description**
The issue allows segment directories to be imported into Pinot tables through the segment upload path in Apache Pinot. In installations with open access to the controller, a specially crafted request can potentially disrupt the Pinot service.
**Recommendations**
For Apache Pinot versions 0.9.3 and earlier, update to Pinot release 0.10.0 to fix the issue.