oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2024-26307: Apache Doris: Possible race condition

From: Mingyu Chen <morningman () apache org>
Date: Thu, 21 Mar 2024 08:48:20 +0000
Severity: low

Affected versions:

- Apache Doris before 1.2.8
- Apache Doris before 2.0.4

Description:

Possible race condition vulnerability in Apache Doris.
Some of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and 
chmodding the wrong file.
This could theoretically happen, but the impact would be minimal.
This issue affects Apache Doris: before 1.2.8, before 2.0.4.

Users are recommended to upgrade to version 2.0.4, which fixes the issue.

References:

https://doris.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-26307
Previous By Date Next
Previous By Thread Next

Current thread: